Skip to main content
Version: 3.25

MFA (Multi-Factor authentication)

When enabling the Multi-Factor authentication, an extra security layer is added to the account. You can log in with the password, and additionally with the code sent to a device.

info

For this feature, Google Authenticator and Microsoft Authenticator are some of the applications that can be used to perform the Multi-Factor authentication

For additional MFA settings check security settings.

Enable Multi-Factor Authentication

To enable the Multi-Factor authentication for the user, follow these steps:

  1. Click on the drop-down menu in the title bar, next to the user name

  2. Select the Token option

  3. Click Yes to proceed with the token setting

  4. Launch the authentication application from your mobile device and read the QR code displayed on the screen by using the camera.

    The token is then registered in the application, and an authentication code is displayed.

  5. Click on the click here link to validate the token

    Validation token window

  6. Fill in the Token field with the application-generated code

  7. Click on the Validate button.

    From this moment, when logging in, you will need to perform the Multi-Factor authentication, which means using the password and the application-generated code.

caution

Events related to Multi-factor authentication settings are notified through SIEM AND SYSLOG.

MFA to start session

The senhasegura also allows administrators to force users to use a Multi-Factor authentication before starting the session. This helps ensure that only authorized users can use credentials with elevated privileges.

  1. Go through the menu Settings ➔ System parameters ➔ System parameters ➔ Security;

  2. Enable the option Force double-factor authentication to start session?;

    2FA to start session

By enabling this option, before starting the session, the user will have to enter the authenticator code he has configured in the senhasegura

TOTP Token periodic request configuration

This configuration makes it possible to force the token request at each password view or access.

  1. Go to Settings ➔ System Parameters ➔ System Parameters ➔ Security

  2. Set the time parameters:

  • Time between escrow token request (minutes)

  • Time between the token request for sessions (minutes)