Multi-Factor Authentication (MFA / 2FA)
- How to enable MFA
- How to disable MFA
- How to enforce MFA on all users
- How to verify if MFA is enable with users within an organization
What you are going to learn:
Obkio supports Multi-Factor Authentication (MFA), also known as 2-Factor Authentication (2FA), to secure access to the Obkio App. When MFA is enabled, at login, the user will be asked to enter their password plus a one-time MFA code.
The App supports two types of MFA codes: Authenticator App or Backup Codes. The Authenticator App is the primary method to generate MFA codes. Both Google Authenticator and Microsoft Authenticator Apps on Android and iOS devices are supported.
To enable MFA, go to the user security options (Menu -> User -> Security
) and click on the Enable Authenticator App
button. Then scan the QR code in your preferred Authenticator App (Google Authenticator or Microsoft Authenticator) and confirm the MFA code.
Once enabled, a list of 8 backup code will appear on the screen. It's important to write down the backup codes and store them securely because they will be required if the mobile device is lost or broken. The backup codes will only appear at this time.
To disable MFA, go to the user security options (Menu -> User -> Security
) and click on the Disable Authenticator App
button. A valid MFA code from the Authenticator App or Backup Code is required to disable MFA.
A total of 8 backup codes are randomly generated during the MFA activation. The backup codes can be used in case the mobile device is lost or broken. A backup code can only be used once, so if they are used, it is highly recommended to disable MFA and re-enable it again to generate new backup codes.
When a backup code is used, an email is sent to the user to let them know. In case you receive such an email without using a backup code, you must reset your password, disable MFA (which will erase the backup codes) and re-enable the MFA (which will create new backup codes).
Multi-Factor Authentication can be enforced on an organization where users will be required to enable the feature before having access to the Obkio App. To enable this feature, go to the Organization settings (Menu -> Company Name
), Click on Change Organization's Advanced Parameters
, click on the MFA required
checkbox and click on Save
.
When listing the users inside an Organization (Menu -> Company Name
), the tag MFA ENABLED
is shown if the user has MFA Enabled.