Multi Factor Authentication
Supported MFA methods
Authenticator App
The user sets up an App, for example Google Authenticator, which will provide a changing password the user enters when they sign in.
Email message
An email message is sent to the user’s verified email address when the user signs in. It contains a code the user will enter.
SMS message
An SMS message is setn to the user’s verified mobile number when the user signs in. It contains a code the user will enter.
Group Policy configuration
MFA requirement configuration can be done through Group Policies. See the Security tab of the Group Policy editor for the options.
The configuration options are:
MFA usage is recommended
MFA usage is required
Which MFA methods are allowed
Making MFA usage recommended causes users who haven’t set up MFA yet to see a notification when they sign in. It offers them a chance to set up MFA. They can skip it and continue the sign in process. If they proceed with the MFA setup, their “Uses MFA” preference will be set and they will continue to use MFA when they sign in later, even if the recommendation is removed.
Making MFA usage required causes users who haven’t set up MFA yet to be forced to perform Email or SMS verification every time they sign in.
User’s MFA preferences
The following preferences are stored per user:
Does user use MFA when they sign in
Which MFA method they prefer
Keys for some MFA methods which require them
Change user’s MFA preferences
An user can change their MFA preferences through the management view’s personal menu. They can disable or set up another preferred MFA method.
Disabling MFA for an user
If an user wishes to disable MFA when they sign in, they can do any of the following:
Reset their password. Successful password reset clears MFA preferences.
Re-configure or disable MFA through the management view’s personal menu