Configuring Multi-Factor Authentication
Administrators can now configure an additional security layer based on One Time Passwords (OTPs).
First-level authentication requires the username and password. Second-level authentication requires a One Time Password (OTP), a verification code sent to the user’s registered email address. Each OTP is valid for only one login attempt and is interval-based.
The user must enter the unique OTP received to log in successfully.
Note:
- This feature is supported only for the web application, where authentication happens through the Form Login page.
- This feature is not supported for the SSO authentication mechanism; however, MFA can be achieved for SSO authentication on the respective SSO provider platform.
Figure: Multi-Factor Authentication
Business Benefits of OTP:
- Unique OTP Verification Code – Because OTPs are unique, temporary, and expire within a short interval of time, this prevents reuse or hacking of these verification codes.
- Enhances Security – OTPs provide an additional layer of security when primary verification of username/password is compromised.
Configuration
A new section Multi-Factor Authentication is added on the Domain page (Admin > Basic > Infrastructure > Domain) to configure OTP Authentication. Specify the required fields.
Figure: DOMAIN
The following table describes the fields under the section Multi-Factor Authentication on the DOMAIN page.
Field | Description |
Multi-Factor Authentication | |
Enable Multi-Factor Authentication | MFA is disabled by default. To enforce OTP authentication, select the Enable Multi-Factor Authentication check box. If selected, the user is asked for OTP authentication. |
OTP Expiry Time (in mins) | Specify the time in minutes for which the OTP is valid. The minimum and default OTP expiry time is 15 minutes. The maximum OTP expiry time is 30 minutes. |
OTP Length | Specify the length of the OTP. The minimum and default length of the OTP is 5 characters. The maximum length is 16 characters. Note: The OTP is numeric only. |
Maximum number of attempts | Specify the maximum number of attempts to enter an incorrect OTP. The minimum number of OTP attempts is 1. The default number of OTP attempts is 3. The maximum number of OTP attempts is 99. Note: By default, if the user exceeds the maximum number of incorrect attempts, the user has to log in to the SummitAI application again. |
Lock user account | If selected, the user account is locked once the user exceeds the maximum number of incorrect attempts. By default, Lock User Account is not selected. Note: To unlock the account, the user has to contact the administrator. |
OTP Recipients | |
Customer | Select one of the options from the drop-down list. Available options are as follows: |
Location | Select one of the options from the drop-down list. Available options are as follows: Note: If you select both the Customer and Location, the OTP will be sent to the users of the Customer located in that configured location. |
User List | Select one of the options from the drop-down list. Available options are as follows: |
Click icon to add new recipients by selecting the required OTP Recipients options available in the drop-down. | |
Click icon to delete the recipients by selecting the required OTP Recipients options available in the drop-down. | |
To Sign in
To sign in to the SummitAI web application:
- Type the SummitAI URL in the address bar of the browser. The SIGN IN page is displayed.
Figure: SIGN IN Page
- Specify the username and password.
- Click SIGN IN. If the username and password are correct, the user is redirected to the OTP authentication page.
Figure: OTP Verification
Figure: E-mail Sample Screenshot
- The OTP is sent to the user’s registered e-mail address. Enter the OTP received via e-mail.
The following table describes RESEND OTP usage.
Click | Action |
RESEND OTP | To resend the OTP if you have not received the OTP or if your OTP has expired. |
OTP expiry time is displayed based on the Multi-Factor Authentication configuration.
For example: “OTP will expire in 04:50 min”. As per this message, your OTP will expire after 04:50 mins.
- Click Verify.
OTP | Action |
Is correct | The user is allowed to log in to the application. |
Is not correct | The user is not allowed to log in to the application. An error message is displayed with the number of attempts left. For example: Invalid OTP, you are left with 2 more attempt(s). The user may re-enter the OTP. |
Note: The user account is locked if the user exceeds the maximum number of incorrect OTP attempts, based on the Multi-Factor Authentication configuration.
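The following sketch models how the settings above (expiry, length, attempt limit, lockout) interact during verification. It is an added example, not SummitAI's code; the class and method names are hypothetical, and it assumes RESEND OTP does not reset the failed-attempt counter, which the page does not state.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

@dataclass
class MfaPolicy:                     # hypothetical mirror of the DOMAIN page fields
    expiry_mins: int = 15            # OTP Expiry Time: 15 to 30
    otp_length: int = 5              # OTP Length: 5 to 16, numeric only
    max_attempts: int = 3            # Maximum number of attempts: 1 to 99
    lock_account: bool = False       # Lock user account

    def __post_init__(self):
        if not (15 <= self.expiry_mins <= 30 and 5 <= self.otp_length <= 16
                and 1 <= self.max_attempts <= 99):
            raise ValueError("policy outside the documented ranges")

    def guess_odds(self):            # chance of guessing one OTP within the attempt limit
        return self.max_attempts / 10 ** self.otp_length

class OtpSession:
    """State for one login after the username/password step succeeded."""
    def __init__(self, policy, now=None):
        self.policy, self.failed, self.locked = policy, 0, False
        self.issue(now)

    def issue(self, now=None):       # initial send and RESEND OTP
        now = time.time() if now is None else now
        digits = (str(secrets.randbelow(10)) for _ in range(self.policy.otp_length))
        self.code = "".join(digits)  # CSPRNG, uniform digits
        self.expires_at = now + self.policy.expiry_mins * 60

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.locked:
            return "locked"
        if self.code is None or self.failed >= self.policy.max_attempts:
            return "login_again"
        if now >= self.expires_at:
            return "expired"
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code = None         # single use: a replayed OTP is rejected
            return "ok"
        self.failed += 1             # assumption: RESEND OTP does not reset this
        if self.failed < self.policy.max_attempts:
            return f"invalid, {self.policy.max_attempts - self.failed} attempt(s) left"
        self.locked = self.policy.lock_account
        return "locked" if self.locked else "login_again"
```

With the defaults, `guess_odds()` is 3 in 100,000 per login; at OTP Length 5 and Maximum number of attempts 99 it rises to roughly 1 in 1,000, which is the trade-off to weigh when raising the attempt limit.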