Administrator Handbook

Multi-Factor Authentication

What is Multi-Factor Authentication(MFA) :

MFA adds another method of identity verification in order to secure your accounts. First thing you know – Your username and password. Something unique that you have – Your phone or fingerprint.
By combining your username and password with the second method your access becomes more secure and impossible for an attacker to pass it even if they have your password.

MFA methods that miniOrange IDP Supports:

OTP Over Email	You receive an OTP on your registered email address which is used for 2nd Factor Authentication. Note : You will have to configure your Email Gateway before using this method to send emails.
OTP Over SMS	You receive an OTP on your registered phone no. which is used for 2nd Factor Authentication. Note : You will have to configure your SMS Gateway before using this method to send sms to users
OTP Over Email & SMS	You receive an OTP on both your registered email and phone no. which cis used for 2nd Factor Authentication. Notes : You will have to configure your Email Gateway before using this method to send emails. You will have to configure your SMS Gateway before using this method to send sms to users
Email Link (Out of Band Email)	You receive an email that contains two links for either allowing or denying the authentication. You can click on the allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work.
SMS Email (Out of Band SMS)	You receive an SMS that contains two links for either allowing or denying the authentication. You can click on the allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work.
Security Questions (KBA)	In this method, the users configure 3 questions along with their answers from their account. At the time of authentication, they are prompted to provide answers for 2 of the 3 configured questions. Note : The user has to configure the questions along with their answers prior to using this MFA method.
Phone Verification	In this method the user receives a call telling a 4-8 digit numeric key which is used for the 2nd Factor Authentication. Note: You will have to configure your own Phone Gateway to use this method.
miniOrange Authenticator Methods: Push Notification Mobile Authentication Soft Token	Push Notification : the user receives a push notifications on his mobile which he needs to ACCEPT \| DENY. Mobile Authentication : The process of Mobile Authentication works such as, a user needs to scan the barcode from his mobile using the miniOrange Authenticator app to proceed. Soft Token : In this method, User needs to enter the 6-8 numeric key shown in the miniOrange Authenticator App. Notes : Prior configuration with the miniOrange Authenticator App is required to use this method. As all 3 methods are supported in the same app, configuring any of the 3 methods will allow the users to use all 3 methods. Your IDP deployment should be accessible over the internet for the configurations as well as the authentications to work.
Google Authenticator	In this method, the users need to enter the 6 digit OTP shown in the Google Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Google Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
Microsoft Authenticator	In this method, the users need to enter the 6 digit OTP shown in the Microsoft Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Microsoft Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
Authy Authenticator	In this method, the users need to enter the 6 digit OTP shown in the Authy Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Authy Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
Yubikey Hardware Token	“YUBIKEY hardware Token” is a 2fa verification method, in which a user needs to connect a USB into his computer which generates a token in the form of an alphabetic key. This process works with the combination of OTP & hardware tokens. Note : The user has to configure the hardware token from the end user dashboard prior to using this MFA method.
Display Hardware Token	“Display Hardware Token” is a 2fa verification method, in which a user needs to connect a USB into his computer which generates a token in the form of a Numeric key. Note : You need to assign a hardware token to users before enabling this 2FA method.

How to Enable MFA for the admin account:

Login to the admin dashboard.
Go to 2-Factor Authentication > Setup 2FA from the side menu.
This will open the 2FA Methods configuration page.
The Active Method shows the currently active method, the admin will be prompted for MFA with this method.
Enable the “Enable Two Factor (MFA) for your own account.” option to enable MFA for the admin logins.

Click on save for the changes to take effect.
Now, the next time the admin initiated login to his account, he will be prompted for completing MFA with the active method.

Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com