MFA Settings Configuration

MFA Settings Configuration refers to the process of configuring Multi-Factor Authentication (MFA) settings within a system or application. This involves setting up additional security measures beyond passwords, such as OTP (One-Time Password), biometric verification, or other methods, to strengthen the authentication process.

Accessing MFA Settings Configuration

New Menu:

In the Platform module, from the navigation pane on the left, under ACCESS MANAGEMENT, select MFA.

The Settings :: Authentication page is displayed with the MFA tab open by default.

Old Menu:

  1. From the main navigation menu, click Settings.
  2. On the Settings page, from the left menu, select General > Authentication.

    The Settings :: Authentication page is displayed with the LDAP tab open by default.

  3. Click the MFA tab.
For more information on how to switch between menus, click here.

Configuring the MFA Settings

MFA is one of the most effective ways to prevent unauthorized access, because it requires additional validation of login credentials during a user's authentication process. MFA can be as straightforward as a user providing their password and then entering an accompanying numeric code (OTP) received in an email message.

Prerequisites for On-Prem
  1. SMTP configuration should be done before enabling MFA.
  2. Email should be configured for "Admin user" before enabling MFA.
  3. If there is a communication issue or any other issue with SMTP, local users cannot log in to AppViewX while MFA is enabled. We therefore recommend maintaining high availability for SMTP.
Note:
  • In On-Prem, only the "Admin user" can configure MFA settings, and in SaaS, only the "Account owner" can configure MFA settings.
  • For SaaS deployment, MFA is enabled by default for the Account Owner. You cannot disable MFA for the account owner.

To configure the MFA settings:

  1. On the Settings :: Authentication page, under the MFA tab, select Email OTP to enable multi-factor authentication.
  2. The audit log entry for enabling or disabling MFA is: User: <Username> update MFA settings and enabled/disabled MFA.
  3. On selecting Email OTP, the Allow user to disable MFA option appears. It can be enabled or disabled based on the user's requirement.
  4. If the admin disables the Allow user to disable MFA option, MFA usage is enforced for all users. If the admin enables it, users can enable or disable MFA usage from their user profile settings.
  5. The audit log entry for enabling or disabling Allow user to disable MFA is: User: <Username> updated MFA settings and enabled/disabled Allow user to disable MFA.
  6. Click Save.

MFA Settings for User Profile

The admin can control the MFA feature for the user role.

The following steps explain how access to enable or disable MFA from the user profile is controlled:

  1. On selecting Email OTP, the Allow user to disable MFA option appears. This can be enabled or disabled based on the user's requirement.
  2. If the admin enables Allow user to disable MFA, users can enable or disable MFA, and the MFA option appears in the user profile.
  3. If the admin disables Allow user to disable MFA, users cannot see the MFA option in the user profile.

Logging in using MFA

The following steps explain how to log in to AppViewX using MFA:

  1. Log in using your user credentials.

    The MFA system generates a random six-digit numeric value and sends it as an OTP to the registered user's email ID.

  2. The user authentication (OTP Verification) screen is displayed.
  3. Enter the OTP that was sent to your registered email ID.
  4. OTP Validation.
    • The OTP sent by email is valid only for the next five minutes.
    • Users are locked if a wrong OTP is entered more than five times.
    • Once the user is locked for 15 minutes, the user receives an auto-generated email asking them to contact the administrator to unlock the account.
  5. Resend OTP - MFA.
    • The Resend option is enabled after 60 seconds.
    • The Resend option is available only five times for wrong attempts.
    • Users are locked if resending the OTP is attempted more than five times.
    • Once the user is locked for 15 minutes, the user receives an auto-generated email asking them to contact the administrator to unlock the account.
    Note: Users can select Do not ask OTP again for 24 hours during login to disable OTP verification for subsequent logins for the next 24 hours.
  6. Click Continue.
  7. The audit log entry for an invalid OTP is: Login failed for user: <Username> due to Invalid OTP.
  8. The Change Password page is displayed for users logging in for the first time.
  9. Enter the new password in the required fields.
    Note: The new password should have:
    • At least one uppercase, lowercase, and numeric character
    • At least one special character (~!@#$^&*_-+=|())
    • 8 to 128 characters.
    Note: The new password should not contain:
    • The user name
    • The same character more than three times consecutively
    • Blank space and special characters other than (~!@#$^&*_-+=|()).
  10. Click Continue.
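
The audit messages documented on this page (MFA setting changes and invalid-OTP login failures) can be monitored for changes that weaken MFA enforcement and for users who exceed the five-wrong-OTP limit. The following Python code is an added example, not AppViewX code; the timestamp-prefixed line layout, the 15-minute correlation window, and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message wording follows the audit-log texts on this page; the leading
# ISO-8601 timestamp is an assumed line layout, not a documented format.
SETTING_RE = re.compile(
    r"User: (?P<user>\S+) updated? MFA settings and "
    r"(?P<action>enabled|disabled) (?P<target>Allow user to disable MFA|MFA)$")
OTP_FAIL_RE = re.compile(r"Login failed for user: (?P<user>\S+) due to Invalid OTP$")

MAX_WRONG_OTP = 5               # page: locked after more than five wrong OTPs
WINDOW = timedelta(minutes=15)  # assumed correlation window

def scan(lines):
    """Return (timestamp, user, finding) for events that weaken or probe MFA."""
    findings, failures = [], defaultdict(deque)
    for line in lines:
        stamp, _, message = line.strip().partition(" ")
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # line is not in the assumed layout
        m = SETTING_RE.search(message)
        if m:
            # Weakening changes: MFA switched off, or users allowed to opt out.
            weakens = (m["action"], m["target"]) in {
                ("disabled", "MFA"), ("enabled", "Allow user to disable MFA")}
            if weakens:
                findings.append((when, m["user"], f"{m['action']} {m['target']}"))
        m = OTP_FAIL_RE.search(message)
        if m:
            recent = failures[m["user"]]
            recent.append(when)
            while when - recent[0] > WINDOW:  # drop failures outside the window
                recent.popleft()
            if len(recent) == MAX_WRONG_OTP + 1:  # fire once per burst
                findings.append((when, m["user"], "invalid OTP limit exceeded"))
    return findings

# Constructed sample lines (not real AppViewX output).
SAMPLE = [
    "2024-05-01T09:00:00 User: admin updated MFA settings and enabled MFA",
    "2024-05-01T09:05:00 User: admin updated MFA settings and enabled Allow user to disable MFA",
    *[f"2024-05-01T10:0{i}:00 Login failed for user: bob due to Invalid OTP" for i in range(6)],
    "2024-05-01T10:30:00 Login failed for user: carol due to Invalid OTP",
    "2024-05-01T11:00:00 User: admin update MFA settings and disabled MFA",
]
```

Calling scan(SAMPLE) returns three findings: the opt-out being enabled, the sixth invalid OTP for bob, and MFA being disabled. Adjust the timestamp parsing to the layout of the actual audit export before using it on real data.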