Description

An Org Admin can set up Multi-Factor Authentication (MFA) within the GenRocket web platform. MFA ensures multiple levels of security are used to verify each user as they log in. Once set up, users must verify their identity using MFA before accessing the platform. 

In This Article

• User MFA Verification Methods
• What Will Users See Once MFA is Enabled?
• How to Enable MFA for Your Organization
• What if a User Exceeds the Number of Incorrect or Resend Attempt Limits? 

User MFA Verification Methods

• Verification Method 1 - The user logs into the platform with a username and password.
• Verification Method 2 - The user receives an MFA Code via email. This code must be entered within the platform to gain access.

What Will Users See Once MFA is Enabled?

• Upon their next login, all users (including Org Admins) will be prompted for an MFA code. They will receive an MFA code via email. 
  
  
  Note: For detailed user login steps, please see this article: Multi-Factor Authentication (MFA) User Login Steps.

How to Enable MFA for Your Organization

To set up MFA, complete these steps: 

• Log into the GenRocket web platform as an Org Admin.
• Expand the Organization Menu and select My Organization.
  
  
  
  
• Select Manage MFA.
  
  
  
• The following options can be configured for MFA.
  
  

  Code via Email	The MFA code will be sent via email. This is currently the only available option.
  Code Size	Determines the size of the MFA Code sent to users via email. The default is 4 digits. The MFA code can be 4 to 8 digits.
  Timeout Type Timeout	Controls the MFA session's validity period for users. If the interval between the user's login time and their last login time exceeds this validity period, GenRocket will ask for a new MFA Code at login. Minutes - Allowed value is between 0 and 60. The default value is 0.  Hours - Allowed value is between 0 and 24. The default value is 0.
  Incorrect Attempts Allowed	Organization Admin(s) will be notified automatically via email when a user surpasses the set limit for incorrectly inputting the MFA code. The default value is 3.
  Resend Attempts Allowed	Organization Admin(s) will be notified automatically via email when a user surpasses the set limit for resending the MFA code. The default value is 3.

  
  
  
  
• Select Activate to enable MFA for your organization. A checkmark means it is enabled.
  
• Click Save once finished.
  
  
  
• After a user has completed the initial authentication process, Org Admin(s) will see two more options in the Edit User form. 
  
  
• The Edit User form can be accessed from the My Organization page. Locate the user in the Users tab and then select the Pencil. Remember to save your changes. 
  
  
  
  

  MFA Method	This appears for all users. It will not show a selected method until the user has completed MFA Code verification for the first time. Code via Email is the only available option at this time.
  Enable MFA	This will only appear in the Edit User form after the user has completed MFA Code verification for the first time. It is automatically enabled and cannot be changed by default.  Important: If the user exceeds the set incorrect attempt limit or the resend attempt limit, this option will be available within the Edit User form to re-enable MFA for the user.

  
  
  

What if a User Exceeds the Number of Incorrect or Resend Attempt Limits? 

When a user exceeds these set limits, MFA will be automatically disabled for the user. The user will see the following message on their screen. 

An Org Admin will receive an automated email notification regarding the user exceeding the set limit. 

To re-enable MFA for the user, an Org Admin must complete the following steps from the My Organization page. 

• Locate the user and click on Edit (Pencil).
  
  
  
  
• Select the enable MFA checkbox within the Edit User form and click Save.