MFA (Multi-Factor Authentication)
Enabling multi-factor authentication adds an extra security layer to the account. You log in with the password and, additionally, with the code sent to a device.
Google Authenticator and Microsoft Authenticator are among the applications that can be used to perform the multi-factor authentication.
For additional MFA settings, check the security settings.
Enable Multi-Factor Authentication
To enable multi-factor authentication for the user, follow these steps:
Click on the drop-down menu in the title bar, next to the user name.
Select the Token option.
Click Yes to proceed with the token setting.
Launch the authentication application on your mobile device and scan the QR code displayed on the screen with the camera.
The token is then registered in the application, and an authentication code is displayed.
Click on the "click here" link to validate the token.
Fill in the Token field with the application-generated code.
Click on the Validate button.
From this moment on, logging in requires multi-factor authentication, which means using the password and the application-generated code.
Events related to multi-factor authentication settings are reported through SIEM and Syslog.
MFA to start session
senhasegura also allows administrators to force users to complete multi-factor authentication before starting a session. This helps ensure that only authorized users can use credentials with elevated privileges.
Go to Settings ➔ System parameters ➔ System parameters ➔ Security.
Enable the option "Force double-factor authentication to start session?".
With this option enabled, before starting the session the user must enter the authenticator code they have configured in senhasegura.
TOTP Token periodic request configuration
This configuration makes it possible to force the token request at each password view or access.
Go to Settings ➔ System Parameters ➔ System Parameters ➔ Security
Set the time parameters:
Time between escrow token request (minutes)
Time between the token request for sessions (minutes)