What is Multi-Factor Authentication(MFA) :
- MFA adds another method of identity verification in order to secure your accounts. First thing you know – Your username and password. Something unique that you have – Your phone or fingerprint.
- By combining your username and password with the second method your access becomes more secure and impossible for an attacker to pass it even if they have your password.
MFA methods that miniOrange IDP Supports:
OTP Over Email | You receive an OTP on your registered email address which is used for 2nd Factor Authentication.
Note : You will have to configure your Email Gateway before using this method to send emails. |
OTP Over SMS | You receive an OTP on your registered phone no. which is used for 2nd Factor Authentication.
Note : You will have to configure your SMS Gateway before using this method to send sms to users |
OTP Over Email & SMS | You receive an OTP on both your registered email and phone no. which cis used for 2nd Factor Authentication.
Notes : |
Email Link (Out of Band Email) | You receive an email that contains two links for either allowing or denying the authentication. You can click on the allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work. |
SMS Email (Out of Band SMS) | You receive an SMS that contains two links for either allowing or denying the authentication. You can click on the allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work. |
Security Questions (KBA) | In this method, the users configure 3 questions along with their answers from their account. At the time of authentication, they are prompted to provide answers for 2 of the 3 configured questions. Note : The user has to configure the questions along with their answers prior to using this MFA method. |
Phone Verification | In this method the user receives a call telling a 4-8 digit numeric key which is used for the 2nd Factor Authentication.
Note: You will have to configure your own Phone Gateway to use this method. |
miniOrange Authenticator Methods:
|
Notes :
|
Google Authenticator | In this method, the users need to enter the 6 digit OTP shown in the Google Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Google Authenticator App on their phones and configure it with their |
Microsoft Authenticator | In this method, the users need to enter the 6 digit OTP shown in the Microsoft Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Microsoft Authenticator App on their phones and configure it with their miniOrange |
Authy Authenticator | In this method, the users need to enter the 6 digit OTP shown in the Authy Authenticator App. The OTP keeps changing every 30 seconds.
Note : The users will have to install the Authy Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method. |
Yubikey Hardware Token | “YUBIKEY hardware Token” is a 2fa verification method, in which a user needs to connect a USB into his computer which generates a token in the form of an alphabetic key. This process works with the combination of OTP & hardware tokens. Note : The user has to configure the hardware token from the end user dashboard prior to using this MFA method. |
Display Hardware Token | “Display Hardware Token” is a 2fa verification method, in which a user needs to connect a USB into his computer which generates a token in the form of a Numeric key. Note : You need to assign a hardware token to users before enabling this 2FA method. |
How to Enable MFA for the admin account:
- Login to the admin dashboard.
- Go to 2-Factor Authentication > Setup 2FA from the side menu.
- This will open the 2FA Methods configuration page.
- The Active Method shows the currently active method, the admin will be prompted for MFA with this method.
- Enable the “Enable Two Factor (MFA) for your own account.” option to enable MFA for the admin logins.
- Click on save for the changes to take effect.
- Now, the next time the admin initiated login to his account, he will be prompted for completing MFA with the active method.