Description
An Org Admin can set up Multi-Factor Authentication (MFA) within the GenRocket web platform. MFA ensures multiple levels of security are used to verify each user as they log in. Once set up, users must verify their identity using MFA before accessing the platform.
In This Article
- User MFA Verification Methods
- What Will Users See Once MFA is Enabled?
- How to Enable MFA for Your Organization
- What if a User Exceeds the Number of Incorrect or Resend Attempt Limits?
User MFA Verification Methods
- Verification Method 1 - The user logs into the platform with a username and password.
- Verification Method 2 - The user receives an MFA Code via email. This code must be entered within the platform to gain access.
What Will Users See Once MFA is Enabled?
- All users (including Org Admins) will be prompted for an MFA code upon their next login. They will receive an MFA code via email.
Note: For detailed user login steps, please see this article: Multi-Factor Authentication (MFA) User Login Steps.
How to Enable MFA for Your Organization
To set up MFA, complete these steps:
- Log into the GenRocket web platform as an Org Admin.
- Expand the Organization Menu and select My Organization.
- Select Manage MFA.
- The following options can be configured for MFA.
Code via Email The MFA code will be sent via email. This is currently the only available option. Code Size Determines the size of the MFA Code sent to users via email. The default is 4 digits. The MFA code can be 4 to 8 digits. Timeout Type
TimeoutControls the MFA session's validity period for users. If the interval between the user's login time and their last login time exceeds this validity period, GenRocket will ask for a new MFA Code at login. - Minutes - Allowed value is between 0 and 60. The default value is 0.
- Hours - Allowed value is between 0 and 24. The default value is 0.
Incorrect Attempts Allowed Organization Admin(s) will be notified automatically via email when a user surpasses the set limit for inputting the MFA code incorrectly. The default value is 3. Resend Attempts Allowed Organization Admin(s) will be notified automatically via email when a user surpasses the set limit for resending the MFA code. The default value is 3. - Select Activate to enable MFA for your organization. A checkmark means it is enabled.
- Click Save once finished.
- After a user has completed the initial authentication process, Org Admin(s) will see two more options in the Edit User form.
MFA Method This appears for all users. It will not show a selected method until the user has completed MFA Code verification for the first time. Code via Email is the only available option at this time. Enable MFA This will only appear in the Edit User form after the user has completed MFA Code verification for the first time. It is automatically enabled and cannot be changed by default.
Important: If the user exceeds the set incorrect attempt limit or the resend attempt limit, this option will be available within the Edit User form to re-enable MFA for the user.
What if a User Exceeds the Number of Incorrect or Resend Attempt Limits?
When a user exceeds these set limits, MFA will be automatically disabled for the user. The user will see the following message on their screen.
An Org Admin will receive an automated email notification regarding the user exceeding the set limit.
To re-enable MFA for the user, an Org Admin must complete the following steps from the My Organization page.
- Locate the user and click on Edit (Pencil).
- Select the enable MFA checkbox within the Edit User form and click Save.