Multi Factor Authentication
The Identity Hub can add Multi-Factor Authentication to the login flow for all Account Providers. This can be required or optional a per Tenant bases and it can also be configured by an individual user.
Supported Multi-Factor methods and devices
The Identity Hub support the following Multi-Factor methods and deviced out-of-the-box:
Verification code send by e-mail
Verificator apps like
Verificate code send by SMS to a mobile phone number
Note
If a Multi-Factor method and/or device that you want to use is not available and you want us to provide it for you, drop us a line at info@theidentityhub.com.
Configuring Multi-Factor for a Tenant
- Navigate to the Admin Page (https://www.theidentityhub.com/{tenant}/Admin) and click Edit in the top navigation bar.
- Click on the Security tab.
- Click Save to apply the configuration.
Tip
If Multi-Factor Authentication is required at the Tenant level, a user will have to perform Multi-Factor Authentication upon each logon.
Multi-Factor configuration settings
| Parameter | Description |
|---|---|
| Two factor authentication required | When true will enforce Multi-Factor Authentication for all users. Users who have not configured Multi-Factor Authentication will be required to do so upon next logon. |
| Two factor verification methods | The Multi-Factor Authentication methods that are active. |
| With Email: Multi-Factor Authentication can be completed using a verified e-mail address (Optional) | |
| With Authenticator App: Multi-Factor Authentication can be completed using an Authenticator App. (Always active) | |
| With SMS: Multi-Factor Authentication can be completed using a verified mobile phone number. (Optional) |
Configuring Multi-Factor by a User
Individual users can acticate Multi-Factor Authentication even if Multi-Factor Authentication is not enforced by the Tenant.
Using Authenticator App
- Navigate to the Profile Page (https://www.theidentityhub.com/{tenant}/Profile) and click Security Information in the left navigation bar.
- Click Configure Authenticator app.
- Follow the described steps to pair the Authenticator app with your account.
- Click Set.
- On the Security Information page click Configure two factor authentication
- Fill out the verification code from your app.
- Click Set.
Using Email
- Navigate to the Profile Page (https://www.theidentityhub.com/{tenant}/Profile) and click Security Information in the left navigation bar.
- If your email address is not verified, click Verify in the Email address section and follow the steps to verify your email address.
- On the Security Information page click Configure two factor authentication
- Fill out the verification code sent to your email address. Click Request a new code via email if you did not receive the email.
- Click Set.
Using Mobile Phone Number
- Navigate to the Profile Page (https://www.theidentityhub.com/{tenant}/Profile) and click Security Information in the left navigation bar.
- If your mobile number is not verified, click Verify in the Mobile phone number section and follow the steps to verify your mobile phone number.
- On the Security Information page click Configure two factor authentication
- Fill out the verification code sent to your mobile phone number. Click Request a new code via sms if you did not receive the sms.
- Click Set.
Reset Multi-Factor for a User
When a user loses access to his/her Authenticator App an administrator can reset the Authenticator App configuration. The user will be required to reconfigure the Multi-Factor Authentication upon next logon.
- Navigate to the Admin Page (https://www.theidentityhub.com/{tenant}/Admin) and click Users in the left navigation bar.
- Click on the user in the list to open the detail page.
- In the Security Information section click on the here link the description to reset the Authenticator App.
- Click OK to confirm.