Multi Factor Authentication
The Identity Hub can add Multi-Factor Authentication to the login flow for all Account Providers. This can be required or optional per Tenant, and it can also be configured by an individual user. Some account providers already enforce MFA during login. This information can be passed to The Identity Hub to prevent multiple MFA requests.
Supported Multi-Factor methods and devices
The Identity Hub supports the following Multi-Factor methods and devices out-of-the-box:
- Apps like
- Verification code sent by e-mail
- Verification code sent by SMS to a mobile phone number
Note
If a Multi-Factor method and/or device that you want to use is not available and you want us to provide it for you, drop us a line at info@theidentityhub.com.
Configuring Multi-Factor for a Tenant
- Navigate to the Admin Page (https://www.theidentityhub.com/{tenant}/Admin) and click Edit in the top navigation bar.
- Click on the Security tab.
- Check the option to require MFA.
- Configure the methods that are allowed and the settings related to attempts and cool-down period.
- Click Save to apply the configuration.
Tip
If Multi-Factor Authentication is required at the Tenant level, a user will have to perform Multi-Factor Authentication upon each login and whenever the logon session at The Identity Hub has expired.
Multi-Factor configuration settings
Parameter | Description | |
---|---|---|
Two factor authentication required | When true will enforce Multi-Factor Authentication for all users. Users who have not configured Multi-Factor Authentication will be required to do so upon next logon. | |
Two factor verification methods | The Multi-Factor Authentication methods that are active. | |
 | With Email: Multi-Factor Authentication can be completed using a verified e-mail address. (Optional) | |
 | With Authenticator App: Multi-Factor Authentication can be completed using an Authenticator App. (Always active) | |
 | With SMS: Multi-Factor Authentication can be completed using a verified mobile phone number. (Optional) | |
Two factor authentication maximum attempts | The maximum number of failed two factor authentication attempts a user can take before being locked out of two factor authentication. Use the value 0 to disable this functionality (not advised!). | 5 |
Two factor authentication cool-down | The number of minutes for which a user is locked out of two factor authentication after the maximum number of failed attempts has been reached. | 15 |
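The sketch below is an added example, not code from The Identity Hub: it models how the maximum attempts and cool-down settings in the table interact, including the value 0. The class and function names, the counter reset on success and after the cool-down, and the refusal of codes during the cool-down are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class MfaLockout:
    """Illustrative model of the two settings; not The Identity Hub's code."""
    max_attempts: int = 5        # "Two factor authentication maximum attempts"
    cooldown_minutes: int = 15   # "Two factor authentication cool-down"
    failures: int = 0
    locked_until: Optional[datetime] = None

    def is_locked(self, now: datetime) -> bool:
        if self.locked_until is not None and now >= self.locked_until:
            # Cool-down elapsed: assumption is that the failure counter starts over.
            self.locked_until, self.failures = None, 0
        return self.locked_until is not None

    def verify(self, code_ok: bool, now: datetime) -> str:
        """Record one verification attempt and return its outcome."""
        if self.is_locked(now):
            return "locked"          # assumption: even a correct code is refused
        if code_ok:
            self.failures = 0        # assumption: success clears earlier failures
            return "ok"
        self.failures += 1
        # max_attempts == 0 disables lockout, so failures never start a cool-down.
        if self.max_attempts > 0 and self.failures >= self.max_attempts:
            self.locked_until = now + timedelta(minutes=self.cooldown_minutes)
        return "failed"


def simulate(max_attempts: int, wrong_guesses: int) -> list:
    """Constructed scenario: wrong codes one second apart, then the right code
    immediately, then the right code again 15 minutes later."""
    state = MfaLockout(max_attempts=max_attempts)
    t0 = datetime(2024, 1, 1, 9, 0, 0)   # constructed timestamp
    out = [state.verify(False, t0 + timedelta(seconds=i)) for i in range(wrong_guesses)]
    out.append(state.verify(True, t0 + timedelta(seconds=wrong_guesses)))
    out.append(state.verify(True, t0 + timedelta(seconds=wrong_guesses, minutes=15)))
    return out


if __name__ == "__main__":
    print(simulate(5, 6))   # lockout starts after the fifth failure
    print(simulate(0, 6))   # lockout disabled: every guess is evaluated
```

With the value 0 the sixth wrong code is still evaluated and nothing ever limits the number of guesses, which is why the table advises against it.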
Configuring Multi-Factor by a User
Individual users can activate Multi-Factor Authentication even if Multi-Factor Authentication is not enforced by the Tenant.
Note
The number of failed attempts is also checked for individual configurations, and a cool-down period is applied when the maximum is reached.
Using an Authenticator App
- Navigate to the Profile Page (https://www.theidentityhub.com/{tenant}/Profile) and click Security Information in the left navigation bar.
- Click Configure Authenticator app.
- Follow the described steps to pair the Authenticator app with your account.
- Click Set.
- On the Security Information page click Configure two factor authentication.
- Fill out the verification code from your app.
- Click Set.
Using Email
- Navigate to the Profile Page (https://www.theidentityhub.com/{tenant}/Profile) and click Security Information in the left navigation bar.
- If your email address is not verified, click Verify in the Email address section and follow the steps to verify your email address.
- On the Security Information page click Configure two factor authentication.
- Fill out the verification code sent to your email address. Click Request a new code via email if you did not receive the email.
- Click Set.
Using Mobile Phone Number
- Navigate to the Profile Page (https://www.theidentityhub.com/{tenant}/Profile) and click Security Information in the left navigation bar.
- If your mobile number is not verified, click Verify in the Mobile phone number section and follow the steps to verify your mobile phone number.
- On the Security Information page click Configure two factor authentication.
- Fill out the verification code sent to your mobile phone number. Click Request a new code via sms if you did not receive the SMS.
- Click Set.
Reset Multi-Factor for a User
When a user loses access to their Authenticator App, an administrator can reset the Authenticator App configuration. The user will be required to reconfigure Multi-Factor Authentication upon next logon.
- Navigate to the Admin Page (https://www.theidentityhub.com/{tenant}/Admin) and click Users in the left navigation bar.
- Click on the user in the list to open the detail page.
- In the Security Information section, click the here link in the description to reset the Authenticator App.
- Click OK to confirm.