Multifactor authentication
Multifactor authentication (MFA) is a security approach to verify the legitimacy of a user that requires more than one of the following independent authentication factors:
- Knowledge factor: Something only the user knows, such as the password or security question answers.
- Possession factor: Something only the user has, such as an email with a passcode or a user-specific cookie on a client computer or device.
- Inherence factor: Something unique to the user, such as fingerprints or eye recognition.
After the presentation, each factor must be validated by the other party for authentication to occur.
You can enable multifactor authentication independently for internal and external resources. TotalAgility supports the following authentication features for both internal and external resources.
- Passcode: Users logging on for the first time are requested to enter a passcode. The passcode is sent to the user through an email and has a limited validity period. On entering the active passcode, a cookie is added to the user's system, and login proceeds. For subsequent logins, the system checks for the valid cookie. If it does not exist, the user must go through the passcode verification again.
- Password format: To increase security, a regular expression can be supplied to ensure that any passwords added for resources adhere to a specific format. This is an optional setting.
Multifactor authentication settings
- Enable: If selected, enables the configuration of multifactor authentication of internal and external users.
- Passcode active interval: The period, in minutes, within which the user should be authenticated after the initial passcode is sent to the user. (Default: 30 Minutes for both internal and external users)
- Cookie expiry interval: The lifetime of the cookie in days, hours and minutes. The expiry time is calculated from the (initial) passcode activation. (Default: 30 Days, 0 Hours, 0 Minutes)
- Expiry mode: The mode of expiry.
  - Absolute: Calculates the expiry time from the (initial) passcode activation. Subsequent logins do not update the expiry time. When the expiry time is reached, the user is required to perform passcode authentication. (Default: 30 Days)
  - Sliding: On subsequent successful logins, updates the expiry value by adding the cookie expiry duration.
- Group: The group of which the user must be a member for multifactor authentication to apply. (Default: Everyone) This option is not available for external users.
- Notification process: A notification process. (Default: SYSTEM Passcode Notification process which contains an email activity that sends an email to the resource with descriptive text and a randomly generated passcode.)
- When you log on to TotalAgility as an internal or external user and multifactor authentication is not enabled for internal and external users, the logon proceeds as normal.
- When you log on to TotalAgility as an internal user, but you are not a member of the group configured for Internal Resources, and multifactor authentication is enabled for internal users, the logon proceeds as normal.
- When you log on to TotalAgility as an internal user or an external user with valid credentials, and no cookie is detected or the cookie has expired, and multifactor authentication is enabled for internal and external users, the Verify Passcode page appears. On the Verify Passcode page, enter the passcode details sent to you through email. Once you submit the details, a cookie with an expiry interval is added to the system, and you can log in.
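The logon rules and the two expiry modes above can be modelled in a few lines of Python. This is an added illustration, not TotalAgility code: the class, function and field names are hypothetical, the group "Everyone" is assumed to match every user, and Sliding mode is assumed to set the new expiry to the login time plus the cookie expiry interval.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class MfaSettings:  # hypothetical names mirroring the settings on this page
    enabled: bool = True
    passcode_active: timedelta = timedelta(minutes=30)
    cookie_expiry: timedelta = timedelta(days=30)
    sliding: bool = False          # False = Absolute, True = Sliding
    group: str = "Everyone"

def passcode_accepted(s, sent_at, entered_at, sent_code, entered_code):
    """True only if the code matches and arrives inside the active interval."""
    in_window = timedelta(0) <= entered_at - sent_at <= s.passcode_active
    return in_window and hmac.compare_digest(sent_code, entered_code)

def issue_cookie(s, activated_at):
    """Cookie expiry is counted from the passcode activation time."""
    return activated_at + s.cookie_expiry

def login(s, now, user_groups, cookie_expires):
    """Decide the step after valid credentials; returns (outcome, expiry)."""
    if not s.enabled:
        return "proceed", cookie_expires
    if s.group != "Everyone" and s.group not in user_groups:
        return "proceed", cookie_expires       # not in the MFA group
    if cookie_expires is None or now >= cookie_expires:
        return "verify_passcode", None         # no cookie, or it has expired
    if s.sliding:                              # assumption: new expiry = now + interval
        cookie_expires = now + s.cookie_expiry
    return "proceed", cookie_expires

def simulate(s, login_days, start=datetime(2024, 1, 1)):
    """Constructed scenario: passcode verified on day 0, then logins on login_days."""
    expires = issue_cookie(s, start)
    outcomes = []
    for day in login_days:
        outcome, expires = login(s, start + timedelta(days=day), ["Everyone"], expires)
        outcomes.append(outcome)
        if outcome == "verify_passcode":       # user re-verifies, new cookie issued
            expires = issue_cookie(s, start + timedelta(days=day))
    return outcomes

if __name__ == "__main__":
    days = [10, 25, 40, 55]
    print("Absolute:", simulate(MfaSettings(sliding=False), days))
    print("Sliding: ", simulate(MfaSettings(sliding=True), days))
```

With the default 30-day interval, Absolute mode forces a new passcode at the day-40 login, while Sliding mode never does as long as the gap between logins stays under 30 days, which is the trade-off to weigh when choosing the mode.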