Help Document
Enabling and Configuring Two-Factor Authentication

    ENABLING AND CONFIGURING TWO-FACTOR AUTHENTICATION

    Two-Factor Authentication increases the security of your Magentrix portal by sending your user an email or SMS that contains an authentication code. They will be prompted to enter this authentication code after they log in with their account username and password. Administrators can choose to enable Two-Factor Authentication for one of the following two circumstances:

    • Every Login: Users are prompted for a second authentication each time they sign in
    • Risk-Based Authentication: Users are prompted for a second authentication whenever using a new device or browser

    Risk-based authentication evaluates an authentication request on two criteria - cookies and IP address. Cookies are checked for previous user logins in the browser and IP addresses of previous logins are matched with the authentication request. If either criterion matches with the authentication request, two-factor authentication is bypassed.

    To use SMS Two-Factor Authentication, you must first connect the SMS provider as a Connected App. At the moment, Twilio is the only SMS Provider supported by Magentrix for portals. See the documentation.

    Requirements

    To configure security role permissions, users must be assigned a security role with the following permissions:

    • Administrator System Role

    TO SET UP TWO-FACTOR AUTHENTICATION:

    1. In the Setup Home page, click Manage > Company Preferences.
    2. Select the Security Settings Tab.
    3. Click Edit.
    4. Under Authentication Settings, check Two-Factor Authentication Enabled.
    5. Click Save.

     

    TO CONFIGURE TWO-FACTOR AUTHENTICATION:

    1. In the Setup Home page, click Manage > Company Preferences.
    2. Select the Security Settings Tab.
    3. Under Authentication Settings, click Manage Two-Factor Authentication Settings.
    4. Configure the following settings:
      • Authentication Method: If you want users to enter a verification code every time they use a new device or browser, check Enforce only for unrecognized devices. If you want users to enter a verification code each time they log in, check Enforce for every login.
      • SMS Provider: Select an SMS provider that will send your verification code via SMS. At the moment, Twilio is the only SMS Provider supported by Magentrix for portals. If you are using email notifications, select None
      • Security Code Timeout: Select how long a verification code is valid for use.
      • Maximum Invalid Attempts: Select how many tries users have to enter invalid verification codes before entering a lockout period.
    5. Click Save.

     

    The basic implementation of two-factor authentication does not apply to users of the following authentication methods:
    • SAML for single sign-on
    • Social sign-on in organizations or Custom Portals
    • Custom Login Pages
    However, Two-Factor Authentication applies to custom portals as it can be applied to User Roles.

    SEE MORE:


     

    << Configuring Collaboration | Assigning a Custom Domain Name to Your Site >>