MFA for Acreto Connect Client - How To Enable
Before You Start
What is Multifactor Authentication and why should you use it?
Two-Factor Authentication (2FA or MFA) - 2FA is an extra layer of security to ensure that people trying to access an online account are who they say they are. First, a user will enter their username and password. Then, instead of immediately gaining access, they must provide other information.
Read more about why you should enable MFA in Acreto Ecosystem in this article.
Prerequisites
To enable MFA for Ecosystem users, there are some steps required:
- Make sure that all users know what the MFA is and why you enable it.
- You need to be Ecosystem Administrator to enable this option.
- Ecosystem users need to be imported to Ecosystem by Identity Provider
How To
Step 1: Enable the MFA for Users
To activate Multi-Factor Authentication for the Ecosystem users, login into Acreto Portal and choose your Ecosystem from the Ecosystem list.
Move to Multi-Factor Auth (1) and enable the MFA option (2). When enabled, you may change the available source of the second factor (3).
You may enable a One-time password generator like Google Auth or/and email address. In the second case, the user will receive an email message with a code on each authentication. You may find more details about the second factor in an article for users.
This setting only enables the configurable option for the user, which may choose from available methods when configuring MFA for his account.
Save and commit the settings.
Step 2:
When the MFA is enabled, go to the Users section and invite all users again - this will generate a special type of Acreto Connect Client profile with MFA support.
This part of the procedure is mandatory - this invitation allows users to set up their Multi-Factor access.
Choose the users from the list and send the invitation.
Reset MFA
Working with users, you may expect many potential issues with the second factor - lost devices, forgotten passwords, etc.
The best solution for all potential issues with locked access is a reset of the MFA. However, this action is available only to Ecosystem Administrator for security reasons.
If the users need to reset the MFA, they should ask Administrator to reset MFA.
Ecosystem Administrator can then go to the Users list in Acreto Portal, choose a user, and perform Reset MFA or Reset and Logoff action.
The reset option is dedicated to users who " forgot " the MFA device/source credentials. In case of the situation when the device was stolen, the best practice is to use Reset MFA and Logoff - this will automatically close all existing Acreto sessions related to this device.
Summary
MFA is an easy-to-enable and managed feature that increases security to another level.