In This Article

Overview

Enabling MFA permission for System Administrators

Assigning MFA to users

How to obtain the authentication code

Things to consider regarding MFA


Overview

Multi-Factor Authentication (MFA) adds an extra layer of security by requiring users to provide multiple verification factors during login. This guide explains how to enable MFA in WiredUp, enhancing your system's security.


Note: Only users with role permissions to manage Multi-Factor Authentication can administer Multi-Factor Authentication for each user profile.

Enabling MFA permission for System Administrators

To enable MFA, a user with an administrative role must be given system administrative permissions to assign MFA for each user profile in the system. To assign this, follow these steps below:

  1. Go to Administration and navigate to System

  2. Click on Roles to view a list of the Roles available

  3. Find and select the Role that will manage MFA

  4. Under the Permissions section, locate System Administration.

  5. Add "Manage Multi-Factor Authentication" permission to the Role.

Once this permission has been enabled, the user will be able to grant or disable Multi-Factor Authentication to other users in the system.


Note: The option to enable or disable MFA email notifications is disabled for all users to prevent login issues that may arise from not receiving the code when the option is turned off.



Assigning MFA to users

  1. Access the Administration section and go to System, then click on Users.

  2. Choose the user to enable or disable MFA for.

  3. Click on the checkbox for Multi-Factor Authentication to enable or disable MFA for the user
  4. Save the changes


A user with MFA enabled will receive an authentication code to the email on their profile before they can log onto the system.


Note: New users created on the system or imported into the system will have the MFA feature automatically enabled on their user profile.

How to obtain the authentication code

  • Once MFA is enabled for a user, they will receive an authentication code during login to their email address associated with the account.
  • Users must enter this code to access the system.
  • This additional step significantly enhances security and reduces the risk of unauthorized access.
  • Users have the option to select the 'Remember me on this device' setting for one day, which allows them to receive and enter the MFA code only once per day upon login.



Things to consider regarding MFA


Verification Code Expiry:

A verification code is only valid for 5 minutes.

A timer will display the remaining time for the code's validity.

Users can request a new code by clicking on the "Send Again" button if the code expires before use.


Code Expiry Handling:

After 5 minutes and the code expires, the input field for the code will lock.

Additionally, the submit button associated with entering the code will disable to prevent submitting an expired code.


Session Expiry:

If the user's session expires during the MFA process, they will be automatically redirected to the login page.

This ensures that the authentication process remains secure and up to date.


Resending Verification Code:

Users can click the "Send Again" button to request a new verification code.

If the user requests a new code before the previous one expires, the same code will be resent.

However, if the user clicks "Send Again" after the code expiry, a new verification code will be generated and sent to the user.


These considerations ensure a secure and streamlined MFA experience for users, maintaining the integrity of authentication processes and enhancing system security.
Note: MFA is not applicable to clients who have Single Sign On enabled. For all SSO clients, this can be managed by the organization.