Description

An Org Admin can set up Multi-Factor Authentication (MFA) within the GenRocket web platform. MFA ensures multiple levels of security are used to verify each user as they log in. Once set up, users must verify their identity using MFA before accessing the platform. 



User MFA Verification Methods

  • Verification Method 1 - The user logs into the platform with a username and password.
  • Verification Method 2 - The user receives an MFA Code via email. This code must be entered within the platform to gain access.


What Will Users See Once MFA is Enabled?


How to Enable MFA for Your Organization

To set up MFA, complete these steps: 

  • Log into the GenRocket web platform as an Org Admin.
  • Expand the Organization Menu and select My Organization.



  • Select Manage MFA.



  • The following options can be configured for MFA.

    Code via Email
    The MFA code will be sent via email. This is currently the only available option.
    Code Size
    Determines the size of the MFA Code sent to users via email. The default is 4 digits. The MFA code can be 4 to 8 digits.
    Timeout Type
    Timeout
    Controls the MFA session's validity period for users. If the interval between the user's login time and their last login time exceeds this validity period, GenRocket will ask for a new MFA Code at login.
    • Minutes - Allowed value is between 0 and 60. The default value is 0. 
    • Hours - Allowed value is between 0 and 24. The default value is 0.
    Incorrect Attempts Allowed
    Organization Admin(s) will be notified automatically via email when a user surpasses the set limit for inputting the MFA code incorrectly. The default value is 3.
    Resend Attempts Allowed
    Organization Admin(s) will be notified automatically via email when a user surpasses the set limit for resending the MFA code. The default value is 3.


  • Select Activate to enable MFA for your organization. A checkmark means it is enabled.
  • Click Save once finished.


  • After a user has completed the initial authentication process, Org Admin(s) will see two more options in the Edit User form.

    MFA Method
    This appears for all users. It will not show a selected method until the user has completed MFA Code verification for the first time. Code via Email is the only available option at this time.
    Enable MFA
    This will only appear in the Edit User form after the user has completed MFA Code verification for the first time. It is automatically enabled and cannot be changed by default. 

    Important: If the user exceeds the set incorrect attempt limit or the resend attempt limit, this option will be available within the Edit User form to re-enable MFA for the user. 
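
The Manage MFA options above, modeled as an added Python example (not GenRocket code) so an Org Admin can check a planned configuration against the stated ranges and compare how Code Size and Incorrect Attempts Allowed affect the chance of a guessed code. The class `MfaPolicy` and its method names are hypothetical; the estimate assumes codes are uniformly random digits and that a user gets exactly the configured number of incorrect attempts.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Upper bounds for Timeout as stated in the Manage MFA options on this page.
TIMEOUT_MAX = {"Minutes": 60, "Hours": 24}


@dataclass(frozen=True)
class MfaPolicy:  # hypothetical name, not a GenRocket API
    code_size: int = 4             # page: 4 to 8 digits, default 4
    timeout_type: str = "Minutes"  # assumption: the page states no default type
    timeout: int = 0               # page: default 0
    incorrect_attempts: int = 3    # page: default 3

    def validate(self):
        """Return the settings that fall outside the ranges given on the page."""
        errors = []
        if not 4 <= self.code_size <= 8:
            errors.append("Code Size must be 4 to 8 digits")
        if self.timeout_type not in TIMEOUT_MAX:
            errors.append("Timeout Type must be Minutes or Hours")
        elif not 0 <= self.timeout <= TIMEOUT_MAX[self.timeout_type]:
            errors.append(f"Timeout must be 0 to {TIMEOUT_MAX[self.timeout_type]}")
        return errors

    def needs_new_code(self, last_login, now):
        """True when the interval since the last login exceeds the validity period."""
        unit = self.timeout_type.lower()  # "minutes" or "hours"
        return now - last_login > timedelta(**{unit: self.timeout})

    def guess_probability(self):
        """Chance that distinct random guesses hit the code within the attempt limit."""
        return min(1.0, self.incorrect_attempts / 10 ** self.code_size)


if __name__ == "__main__":
    # Constructed sample values: a login two hours after the previous one.
    last = datetime(2024, 1, 1, 9, 0)
    for policy in (MfaPolicy(), MfaPolicy(code_size=8, timeout_type="Hours", timeout=8)):
        print(policy, policy.validate(),
              policy.needs_new_code(last, last + timedelta(hours=2)),
              f"{policy.guess_probability():.8f}")
```

With the defaults (4 digits, 3 attempts) the estimate is 3 in 10,000; at 8 digits it drops to 3 in 100,000,000.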


What if a User Exceeds the Number of Incorrect or Resend Attempt Limits? 

When a user exceeds these set limits, MFA will be automatically disabled for the user. The user will see the following message on their screen. 


 

An Org Admin will receive an automated email notification regarding the user exceeding the set limit. 



To re-enable MFA for the user, an Org Admin must complete the following steps from the My Organization page. 

  • Locate the user and click on Edit (Pencil).



  • Select the Enable MFA checkbox within the Edit User form and click Save.