Multifactor authentication

Multifactor authentication (MFA) is a security approach to verify the legitimacy of a user that requires more than one of the following independent authentication factors:

  1. Knowledge factor: Something only the user knows, such as the password or security question answers.

  2. Possession factor: Something only the user has, such as an email with a passcode or a user-specific cookie on a client computer or device.

  3. Inherence factor: Something unique to the user, such as fingerprints or eye recognition.

    After presentation, each factor must be validated by the other party for authentication to occur.

You can enable multifactor authentication independently for internal and external resources. TotalAgility supports the following authentication features for both internal and external resources.

  • Passcode: Users logging on for the first time are asked to enter a passcode. The passcode is sent to the user by email and has a limited validity period. When the user enters the active passcode, a cookie is added to the user's system and logon proceeds. On subsequent logons, the system checks for a valid cookie. If no valid cookie exists, the user must go through passcode verification again.
  • Password format: To increase security, a regular expression can be supplied to ensure that any passwords added for resources must adhere to a specific format. This is an optional setting.

  1. Navigate to System > System settings > Logon and authentication > Multifactor authentication.
    The Multifactor authentication dialog box is displayed.
  2. Configure the multifactor authentication for internal and external users.

    Enable

    If selected, enables configuration of multifactor authentication of internal and external users.

    Passcode active interval

    A period in minutes within which the user should be authenticated after the initial passcode is sent to the user. (For internal users, default: 30 Minutes, for external users, default: 30 Hours)

    Cookie expiry interval

    The lifetime of the cookie, in days/hours/minutes. The expiry time is calculated from the (initial) passcode activation. (Default: 30 Days, 0 Hours, 0 Minutes)

    Expiry mode

    The mode of expiry.

    • Absolute: Calculates the expiry time from the (initial) passcode activation. Subsequent logons do not update the expiry time. When the expiry time is reached, the user is required to perform passcode authentication. (Default: 30 Days)

    • Sliding: On subsequent successful logons, updates the expiry value by adding the cookie expiry duration.

    Group

    The group in which the user is a member. (Default: Everyone)

    Note: This option is not available for external users.

    Notification process

    A notification process. (Default: SYSTEM Passcode Notification process which contains an email node that sends an email to the resource with descriptive text and a randomly generated passcode.)

  3. Click Save.
    Note
    • When you log on to TotalAgility as an internal or external user and the multifactor authentication is not enabled for internal and external users, the logon proceeds as normal.

    • When you log on to TotalAgility as an internal user but you are not a member of the group configured for Internal Resources, and multifactor authentication is enabled for internal users, the logon proceeds as normal.

    • When you log on to TotalAgility as an internal user or an external user with valid credentials, and no cookie is detected or the cookie has expired, and multifactor authentication is enabled for internal and external users, the Verify Passcode page appears. On the Verify Passcode page, enter the passcode sent to you through email. Once you submit the details, a cookie with an expiry interval is added to the system, and you can log on.
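
The difference between the Absolute and Sliding expiry modes described above, as an added illustration (not TotalAgility code): a Python simulation of when the Verify Passcode step recurs for a given logon pattern. It assumes that sliding mode resets the expiry to the logon time plus the cookie expiry interval; the function names and the sample logon schedule are hypothetical.

```python
from datetime import datetime, timedelta

MODES = ("absolute", "sliding")


def simulate(logons, interval, mode):
    """Return a list of (logon_time, action) for a single user and device.

    action is "passcode" when the Verify Passcode page would be shown and
    "cookie" when a still-valid cookie lets the logon proceed.
    Assumption: sliding mode sets expiry = logon time + interval.
    """
    if mode not in MODES:
        raise ValueError(f"unknown expiry mode: {mode!r}")
    expiry = None  # no cookie on the device yet
    results = []
    for t in sorted(logons):
        if expiry is None or t >= expiry:
            # No cookie or cookie expired: passcode check, then a new cookie.
            expiry = t + interval
            results.append((t, "passcode"))
        else:
            if mode == "sliding":
                # Successful logon pushes the expiry forward.
                expiry = t + interval
            # Absolute mode leaves the expiry untouched.
            results.append((t, "cookie"))
    return results


def passcode_prompts(logons, interval, mode):
    """Count how often the second factor is actually re-verified."""
    return sum(1 for _, action in simulate(logons, interval, mode)
               if action == "passcode")


# Constructed sample: one logon every 20 days over 100 days.
START = datetime(2024, 1, 1)
LOGONS = [START + timedelta(days=d) for d in range(0, 101, 20)]
INTERVAL = timedelta(days=30)  # the page's default cookie expiry interval

if __name__ == "__main__":
    for mode in MODES:
        print(mode, passcode_prompts(LOGONS, INTERVAL, mode))
        for t, action in simulate(LOGONS, INTERVAL, mode):
            print("  ", t.date(), action)
```

Under this assumption, a device that logs on more often than the cookie expiry interval is asked for a passcode only once in sliding mode, which is worth weighing when choosing the interval for shared or unmanaged machines.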