MFA stands for Multi-Factor Authentication. Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
How to Configure MFA?
Ownercenter is always concerned about the security of our users so we have introduced MFA, as you can see in the screenshot below. You can access the “Configure MFA” option by clicking on your profile name in the bottom left corner of the screen.
The ‘Configure MFA’ overlay will look like the screenshot below. To Enable MFA click on checkbox "Enable MFA", choose the Delivery method (by default Email is selected) & click the Save button. MFA will then be activated on your user account successfully.
Once you click the checkbox ‘Enable MFA’ and choose Email as MFA delivery method and save, it opens the window below to enter the code which you will receive via Email. Enter the code and click Verify button and MFA will be enabled successfully.
Similarly in the case of SMS, you will get a Code via SMS, with WhatsApp you will get the code via the WhatsApp app and for TOTP, you will receive the code on your Authenticator App.
User level MFA Settings
Each user can Enable/Disable MFA settings for themselves in OC. As shown in below screenshot user can update MFA by clicking Configure MFA option.
2- Account level MFA settings
Admins can find the option to enable/disable MFA by clicking on their profile name in the bottom left corner then on the Account Info option and scroll to MFA section on Account info screen.
You can choose one option & click the Save button to save your preferences. This option is not available for other user roles.
MFA Delivery Methods
We provide these four delivery methods to receive a verification code.
1- Email
2- SMS
3- WhatsApp
4- TOTP
Email-based MFA
If you prefer to receive your authentication code by email, choose Email as the delivery method for MFA on the configuration screen and click the Save button.
After selecting Email as delivery method, it asks to enter the Code which you will get via Email. After entering code your MFA will be activated. Now if you logout and go to the login screen you will see the message below after entering your username/password.
After entering your login details, you will get an email to your inbox with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field & click the Verify button to be logged in successfully.
SMS-based MFA
If you prefer to receive your authentication code by SMS, choose SMS and click on the Save button.
After selecting SMS as the delivery method, if you log out and go to the login screen, you will see the message below after entering your username/password. You will receive an SMS on your saved mobile number with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field & click the Verify button to be logged in successfully.
WhatsApp-based MFA
If you want to use WhatsApp as the delivery method for MFA, then on the configuration screen, select WhatsApp and click the Save button.
After selecting WhatsApp as the delivery method, if you log out and go to the login screen you will see the message below after entering your username/password. You will get a message on your saved mobile number’s WhatsApp application with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field, click the Verify button & you will be logged in successfully.
TOTP-based MFA
If you want to choose TOTP as the delivery method for MFA, then on the configuration screen, select TOTP and click the Save button.
Next, the screen shown below will appear, where you will be required to scan the QR code on the authenticator app from your mobile. This will sync the account into the authenticator app & a code will be generated in the mobile authenticator app. Copy and paste the code as shown in the screenshot below & click the Verify button.
After selecting TOTP as the delivery method, if you logout and go to the login screen you will see the message below after entering your username/password.
You will also get a message on your authenticator app on your mobile device with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field & click the Verify button to be logged in successfully.
Skip MFA challenge feature
Users can skip MFA for a 15 days time period if they select the checkbox shown in the screenshot below when logging in.
This will bypass MFA and you will not be asked for any security code while logging in. It only expires if you do not log in on the same browser in 15 days, otherwise it will keep bypassing the MFA settings.
You can undo the above mentioned feature of bypassing MFA Challenge using the “Don’t Skip MFA” button below in your MFA Configurations settings and MFA will be enabled again on your browser.
Resend Code Feature
The “Resend Code” option allows you to request a new verification code if you did not receive the code, have lost the original one or the previous code has expired.
On the login page, when you navigate to the Multi-Factor Authentication screen, there is a “Resend Code” link with a timer of 120 seconds. Once the timer reaches zero, the “Resend Code” link will be active allowing you to click on it to request a new code.
When you select the ‘Resend Code’ option, a new verification code will be generated and sent via the delivery method you selected during configuration (e.g. email, SMS, WhatsApp or TOTP).
Unusual login detected Email
If a user is logged in from a different location i.e IP Address has changed from the previous IP address (at which security code was approved previously), this will trigger an email to be sent to you alerting you of an unusual log in.