Two-Factor Authentication (2FA or MFA) - 2FA is an extra layer of security to ensure that people trying to access an online account are who they say they are. First, a user will enter their username and password. Then, instead of immediately gaining access, they must provide other information.
Read more about why you should enable MFA in Acreto Ecosystem in this article.
Enabling MFA for Ecosystem users requires the following steps:
To activate Multi-Factor Authentication for the Ecosystem users, log in to the Acreto Portal and choose your Ecosystem from the Ecosystem list.
Move to Multi-Factor Auth (1) and enable the MFA option (2). When it is enabled, you may change the available sources of the second factor (3).
You may enable a one-time password generator such as Google Auth, an email address, or both. With the email option, the user will receive an email message with a code on each authentication. You may find more details about the second factor in an article for users.
This setting only makes the methods available to users; each user chooses from the available methods when configuring MFA for their account.
Save and commit the settings.
Once MFA is enabled, go to the Users section and invite all users again - this will generate a special type of Acreto Connect Client profile with MFA support.
This part of the procedure is mandatory - this invitation allows users to set up their Multi-Factor access.
Choose the users from the list and send the invitation.
When working with users, you can expect many potential issues with the second factor - lost devices, forgotten passwords, etc.
The best solution for all potential issues with locked access is a reset of the MFA. However, for security reasons, this action is available only to the Ecosystem Administrator.
Users who need an MFA reset should ask the Administrator to perform it.
The Ecosystem Administrator can then go to the Users list in the Acreto Portal, choose a user, and perform the Reset MFA or Reset and Logoff action.
The reset option is intended for users who "forgot" the MFA device/source credentials. If the device was stolen, the best practice is to use Reset MFA and Logoff - this will automatically close all existing Acreto sessions related to this device.
MFA is a feature that is easy to enable and manage, and it increases security to another level.