Configuring Multi-Factor Authentication

Administrators can now configure an additional layer of security with One Time Passwords (OTPs).

First-level authentication is enforced by entering the username and password. Second-level authentication requires entering the One Time Password (OTP), a verification code sent to the user’s registered email address. OTPs are valid for only one login attempt and are interval-based.

The user must enter the unique OTP received to log in successfully.

Note:

  • This feature is supported only for the web application, where authentication happens through the Form Login page.

  • This feature is not supported for the SSO authentication mechanism; however, MFA can be achieved for SSO authentication on the respective SSO provider platform.


Figure: Multi-Factor Authentication

Business Benefits of OTP:

  1. Unique OTP Verification Code – Because OTPs are unique, temporary, and expire within a short interval of time, these verification codes are protected against reuse or hacking.
  2. Enhances Security – OTPs provide an additional layer of security when primary verification of username/password is compromised.

Configuration

A new section Multi-Factor Authentication is added on the Domain page (Admin > Basic > Infrastructure > Domain) to configure OTP Authentication. Specify the required fields.


Figure: DOMAIN

The following table describes the fields under the section Multi-Factor Authentication on the DOMAIN page.

Field

Description

Multi-Factor Authentication

Enable Multi-Factor Authentication

MFA is disabled by default. To enforce OTP authentication, select the Enable Multi-Factor Authentication check box.

If selected, the user will be asked for OTP authentication.

OTP Expiry Time (in mins)

Specify the time in minutes for which the OTP will be valid.

The minimum and default OTP Expiry time is 15 minutes.

The maximum OTP Expiry time is 30 minutes.

OTP Length

Specify the length of the OTP.

The minimum and default length of the OTP is 5 characters.

The maximum length can be up to 16 characters.

Note: OTP is only numeric.

Maximum number of attempts

Specify the maximum number of incorrect OTP attempts allowed.

The minimum number of OTP retry attempts is 1.

The default number of OTP retry attempts is 3.

The maximum number of OTP retry attempts is 99.

Note: By default, if the user exceeds the maximum number of incorrect attempts, the user has to log in to the SummitAI application once again.

Lock user account

If selected, the user account will be locked once the user exceeds the maximum number of incorrect attempts.

By default, Lock User Account is not selected.

Note: To unlock the account, the user has to contact the administrator.

OTP Recipients

Customer

Select one of the options from the drop-down list. Available options are as follows:

  • ALL – Choose ALL to select all customers.
  • SELECT - Choose SELECT and specify the specific customers.

Location

Select one of the options from the drop-down list. Available options are as follows:

  • ALL - Choose ALL to select all locations.
  • SELECT - Choose SELECT to select the specific locations.

Note:

If you select both the Customer and the Location, the OTP will be sent to the users of that Customer who are located in the configured Location.

For example: Consider SummitAI as the Customer and Bangalore as the Location. The OTP will be sent to the SummitAI users at the Bangalore location.

User List

Select one of the options from the drop-down list. Available options are as follows:

  • ALL - Choose ALL to send the OTP to all the users under the configured domain.
  • SELECT - Choose SELECT to specify the User in the Type in field to send the message.

Click icon to add new recipients by selecting the required OTP Recipients options available in the drop-down.

Click icon to delete the recipients by selecting the required OTP Recipients options available in the drop-down.


To Sign in

To sign in to the SummitAI web application:

  1. Type the SummitAI URL in the address bar of the browser. The SIGN IN page is displayed.


    Figure: SIGN IN Page

  2. Specify the username and password.
  3. Click SIGN IN. If the username and password are correct, the user is redirected to the OTP authentication page.


    Figure: OTP Verification


    Figure: E-mail Sample Screenshot

  4. The OTP is sent to the user’s registered e-mail address. Enter the OTP received via e-mail.

    The following table describes RESEND OTP usage.

    RESEND OTP: Click to resend the OTP if you have not received the OTP or if your OTP has expired.

    The OTP expiry time is displayed based on the Multi-Factor Authentication configuration.

    For example: “OTP will expire in 04:50 min”

    As per the above message, your OTP will expire after 04:50 mins.

  5. Click Verify.

    OTP is correct: The user is allowed to log in to the application.

    OTP is not correct: The user is not allowed to log in to the application. An error message is displayed with the number of remaining attempts.

    For example: Invalid OTP, you are left with 2 more attempt(s).

    The user may re-enter the OTP.

    Note: The user account will be locked if the user exceeds the maximum number of incorrect OTP attempts, based on the Multi-Factor Authentication configuration.
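The checks that the configuration fields and the sign-in steps above imply (numeric OTP, expiry, single use, attempt limit, optional lock) can be sketched as follows. This is an added example, not SummitAI code. The class and field names are hypothetical, state is held in memory, and two behaviours are assumptions: RESEND OTP keeps the failure count, and the wrong entry that reaches the configured maximum ends the challenge.

```python
import hmac, secrets, time
from dataclasses import dataclass

@dataclass(frozen=True)
class OtpPolicy:
    # Hypothetical field names; ranges and defaults are those in the table above.
    expiry_mins: int = 15
    length: int = 5
    max_attempts: int = 3
    lock_account: bool = False

    def __post_init__(self):
        for name, lo, hi in (("expiry_mins", 15, 30), ("length", 5, 16), ("max_attempts", 1, 99)):
            if not lo <= getattr(self, name) <= hi:
                raise ValueError(f"{name} must be between {lo} and {hi}")

class OtpChallenge:
    """One pending OTP for one user, created after the password check passes."""
    def __init__(self, policy, now=None):
        self.policy, self.failures, self.locked = policy, 0, False
        self.issue(now)

    def issue(self, now=None):
        # Also the RESEND OTP path. Assumption: the failure count is kept, so
        # resending cannot be used to reset the attempt limit.
        now = time.time() if now is None else now
        self.code = "".join(secrets.choice("0123456789") for _ in range(self.policy.length))
        self.expires_at = now + self.policy.expiry_mins * 60
        return self.code  # a real system e-mails this to the registered address

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.locked:
            return "locked"
        if self.code is None or self.failures >= self.policy.max_attempts:
            return "login_again"
        if now >= self.expires_at:
            return "expired"
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code = None  # single use: valid for only one login
            return "ok"
        self.failures += 1
        if self.failures >= self.policy.max_attempts:  # assumption: Nth wrong entry ends it
            self.code = None
            self.locked = self.policy.lock_account
            return "locked" if self.locked else "login_again"
        return f"invalid, {self.policy.max_attempts - self.failures} attempt(s) left"
```

The code is drawn from the operating system's CSPRNG through `secrets` and compared in constant time; at the default length of 5 digits, the attempt limit is what bounds online guessing.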