Multi-factor authentication (MFA) is an optional security measure for companies that use web login. This feature is not applicable to companies that use SSO or any other login method.
This article will cover how to set up MFA settings as an admin, and how to set a start date for MFA to go into effect.
Before you get started, please consider the following:
- Users will need to install a third-party authenticator app on their personal or work phone, or as a Chrome extension on their work computer.
- Once MFA goes into effect, any users who have not signed up with MFA will be locked out until an admin manually helps them log in.
- We suggest, as a best practice, giving your company a timeline and announcement explaining when and why the security upgrade is taking place.
How to set up MFA:
First, go to Company > Settings > Advanced Settings.
Then, check the box for: "Require multi factor authentication".
A dropdown will appear where you can enter a date for the last day users can log in without using MFA. In this example, I am choosing April 30th as the company's last day to log in without MFA. Starting May 1st, current users will be locked out unless they have signed up with MFA. *New users will still be able to set up multi-factor authentication when they join.
Finally, select "Save Settings" to confirm your edits.
That's it! 🎉 All users (including admins!) will need to set up MFA on their smartphone or Chrome web browser to complete the process. 👍
Here is an article that walks users through how to set up MFA:
- Will Bonusly remind users that MFA is going into place? No, all announcements and reminders will need to happen independently within the company.
- What if a user is locked out after the cut-off date? An admin will have to walk through the process with a user. Please contact Bonusly for further instructions on how to handle this.
- Why are users locked out after the cut-off date? To be an effective security measure, MFA cannot have an easy back door for users who missed the cut-off.
- What if users do not have their phone handy, do not want to download an app, or don't have a smartphone? Users can add an MFA Chrome extension to their browser.
- Why don't you offer verification via SMS? SMS verification is considered out of date as a security feature.
Questions? Contact us at firstname.lastname@example.org! We’d be happy to help!