What is Multi-factor Authentication?
Multi-factor authentication (MFA) is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential becomes compromised, unauthorised users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.
Multi-factor authentication on OpenSolar is mainly implemented at the user level: users can enable, disable and configure MFA on their own account, and it is then enforced at login.
The main exception is that an Org can require that users have MFA set up before accessing that Org. A non-MFA user is therefore not forced to set up MFA until they actually need to use an MFA-enforced Org.
How can staff members voluntarily enable Two-Factor Authentication (2FA)?
Go to Settings and press the Two-factor authentication button as shown in the image below:
Select 'Enable Two-Factor Authentication'
Choose one of the preferred authentication methods (see below)
Add SMS
- Select 'Add SMS'
- Add the country code and phone number, then click Send Verification Code
- Enter the verification code and submit
Add Authenticator App
(Please note: you need to download an authenticator app from the Android/iOS store)
- Select 'Add Authenticator App'
- Scan the QR code with the authenticator app
- Enter the authentication code from the app back into OpenSolar and submit
Once you click submit, you will be asked to download your recovery codes, as shown in the image below:
Why is saving your recovery codes important?
If you lose access to your phone, you can authenticate to OpenSolar using your recovery codes. We recommend saving them with a secure password manager.
Two-Factor Authentication (2FA) at Login
If 2FA is enabled for the staff member, they will be asked to verify with a 2FA device immediately after logging in. If the staff member has both SMS and an authenticator app set up, OpenSolar will preferentially use the authenticator app.
- Enter the verification code and click Sign In
Please note: if the Org that a staff member is trying to access has 2FA enforced but the staff member does not have 2FA enabled, the staff member will be asked to set up 2FA. Until this is done they will not be able to access the Org.
How can a staff member change/disable two-factor authentication settings (2FA)?
Once enabled, you can change or disable 2FA settings by going to User Settings > Two-Factor Authentication
- You can remove one of the two methods or enable both of them here
- To replace your authenticator app, you must remove the existing one first
- To replace your phone number, click 'Replace' under SMS and enter the new phone number
- Click 'Disable Two-Factor Authentication' to turn 2FA off
Please note: if the current Org has 2FA enforced, the system will not allow you to disable 2FA, as shown in the image below:
How can you enforce Two-Factor Authentication (2FA) for the entire Org?
At the Org level it is possible to enforce 2FA, so that all staff members accessing the Org must have 2FA enabled.
To access this setting, go to Control > Company > Two-Factor Authentication and select 'Enforce Two-factor Authentication'
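The login and settings rules described above (authenticator app preferred over SMS, forced setup when the Org enforces 2FA, no disabling inside an enforcing Org, single-use recovery codes) can be modelled as a small policy. The following is an added example written for this article, not OpenSolar's own code; the `User` and `Org` classes and the function names are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed model of the 2FA rules this article describes.
# Illustrative only; not OpenSolar's implementation.


@dataclass
class User:
    name: str
    has_authenticator_app: bool = False
    has_sms: bool = False
    # Unused recovery codes; a real system stores hashes, not plaintext.
    recovery_codes: set = field(default_factory=set)

    @property
    def mfa_enabled(self) -> bool:
        return self.has_authenticator_app or self.has_sms


@dataclass
class Org:
    name: str
    enforce_2fa: bool = False


def login_challenge(user: User, org: Org) -> str:
    """Decide what happens right after a successful password login.
    Returns "authenticator", "sms", "setup_required" or "none"."""
    if user.has_authenticator_app:   # app wins when both methods exist
        return "authenticator"
    if user.has_sms:
        return "sms"
    if org.enforce_2fa:              # Org enforces 2FA, user has none set up
        return "setup_required"
    return "none"                    # 2FA is off for this user; login proceeds


def can_disable_2fa(user: User, current_org: Org) -> bool:
    """2FA may only be turned off when the current Org does not enforce it."""
    return user.mfa_enabled and not current_org.enforce_2fa


def redeem_recovery_code(user: User, code: str) -> bool:
    """Fallback when the phone is lost: every recovery code is single-use."""
    if code in user.recovery_codes:
        user.recovery_codes.discard(code)
        return True
    return False
```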
If you have any questions, please reach out to firstname.lastname@example.org anytime. We'd love to hear from you!