Multifactor authentication (MFA) is an important and recommended approach to securing the CyMetric platform. MFA requires users to provide a secondary form of authentication before gaining access to CyMetric. The MFA solution leverages a software-based model that works with mainstream Time-Based One-Time Password (TOTP) tools such as Duo, Microsoft Authenticator, Google Authenticator, and Authy for user verification. Users can choose any TOTP platform they are comfortable with; the choice DOES NOT need to be consistent across all users within an organization. This article defines the steps to activate MFA for individual users.
IMPORTANT: If an organization requires CyMetric users to implement MFA, each user has a four-day grace period to set up MFA, measured from the next time they log on to the system after the organization's global requirement is set.
Once an organization has decided to make MFA mandatory, when a user logs in to CyMetric, the landing page will have a warning banner asking them to set up their MFA account within the four-day grace period. It is important that users establish their MFA credentials within that window.
Getting Started: Once you log in to CyMetric, click on the Account icon in the top right corner of the screen and select Account from the list of options.
Users are brought to the Account Profile screen, where all of the user's details can be viewed. Next, click the Options icon (the three-dot ellipsis) and select Security from the drop-down options.
The Security Management page is displayed, where passwords can be reset and users will see the MFA enablement area.
To enable MFA, slide the Enable button to the right. This initiates the activation process, allowing users to pair their chosen authenticator application with the CyMetric platform. CyMetric works with any contemporary TOTP authenticator application, most of which are free to use. Popular authenticator applications include Microsoft Authenticator, Google Authenticator, Duo, and Authy. If users do not have an authenticator tool on their phones, one can be downloaded from the Apple App Store or Google Play. DO NOT DOWNLOAD AN AUTHENTICATOR FROM AN UNTRUSTED SOURCE. Open the authenticator application on your phone. If your phone has a camera, scan the QR code displayed in CyMetric from within the authenticator application to link the tool to CyMetric. Alternatively, you can type the alphanumeric authentication string generated by CyMetric into the authenticator application to accomplish the same goal. The sample images below are from Microsoft Authenticator. NOTE: Parts of the image below have been blurred for security.
When the authenticator application accepts the QR code or the authentication string, CyMetric will then accept the six-digit token produced by the authenticator application. Most authenticator applications use a 30-second rolling token generation sequence. Enter the six-digit token in the Token field within the 30-second window, before the token changes, to ensure it is accepted. If the token changes while you are typing, you may need to enter the next token produced by the authenticator application instead. Once complete, the user account is enrolled in MFA.
IMPORTANT: At the completion of enrollment, CyMetric produces a set of recovery codes for use in the event that users do not have access to their authenticator application. Recovery codes can be used in place of the authenticator application. It is CRITICAL that these codes be saved in a secure location that remains accessible if they are needed. Users have eight recovery codes available to them. Each recovery code can be used only once; after a recovery code has been used, it cannot be re-used. CyMetric shows how many recovery codes a user has left on the Security screen. Recovery codes can be regenerated while the user is logged in. However, the regeneration procedure requires a token or code, so the user will need either their authenticator application or at least one unused recovery code. If users have used all eight of their recovery codes and the authenticator application is not available, new recovery codes CANNOT be generated.
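The token check and recovery-code rules described above, modelled as an added Python example (illustrative code written for this article, not CyMetric's implementation): a six-digit, 30-second TOTP per RFC 6238, enrollment that completes only when a first token is accepted, eight single-use recovery codes, and regeneration that requires a token or a spare code. The same `verify` check also serves the login and disable steps described later. The recovery-code format, the hashing of stored codes, and the optional `skew` tolerance are assumptions, not details stated by the article.

```python
import base64, hashlib, hmac, secrets, struct
STEP, DIGITS = 30, 6  # 30-second rolling window and six-digit token, as in the article

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** DIGITS
    return f"{code:0{DIGITS}d}"

def verify_totp(secret: bytes, token: str, now: int, skew: int = 0) -> bool:
    """Match the current step; skew=1 also accepts the neighbouring steps (assumed tolerance, not stated by the article)."""
    return any(hmac.compare_digest(totp(secret, now + d * STEP), token)
               for d in range(-skew, skew + 1))

def manual_entry_string(secret: bytes) -> str:
    """Base32 form of the secret, the usual 'type it in' alternative to scanning the QR code."""
    return base64.b32encode(secret).decode().rstrip("=")

def _h(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()

class MfaAccount:
    """Enrolled state: TOTP secret plus eight single-use recovery codes kept only as hashes."""
    def __init__(self, secret: bytes):
        self.secret, self._hashes = secret, set()
    def _issue(self) -> list[str]:
        codes = [secrets.token_hex(5) for _ in range(8)]  # constructed format, not CyMetric's
        self._hashes = {_h(c) for c in codes}
        return codes  # shown to the user once; the server keeps only the hashes
    @classmethod
    def enroll(cls, secret: bytes, token: str, now: int):
        """Pairing completes only when the first token is accepted; returns (account, codes)."""
        if not verify_totp(secret, token, now):
            return None
        acct = cls(secret)
        return acct, acct._issue()
    def remaining(self) -> int:
        return len(self._hashes)
    def verify(self, proof: str, now: int) -> bool:
        """Login, disable and regenerate all accept a valid token or one unused recovery code."""
        h = _h(proof)
        if verify_totp(self.secret, proof, now) or h in self._hashes:
            self._hashes.discard(h)  # a used recovery code is consumed (no-op for a TOTP token)
            return True
        return False
    def regenerate(self, proof: str, now: int):
        """Eight fresh codes, but only with a token or a spare code; otherwise None."""
        return self._issue() if self.verify(proof, now) else None
```

With all eight codes spent and no valid token, `regenerate` returns `None`, which is the locked-out case the article warns about.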
NOTE: Parts of the image below have been blurred for security.
NEXT LOGIN: Once MFA is enabled, every time the user logs in to CyMetric, the MFA prompt appears after the password entry screen, asking for the six-digit token supplied by their authenticator application. Enter the six-digit code into the field to complete the login process. Users can also enter one of their recovery codes in the field instead.
IMPORTANT: If users do not have their authenticator application or recovery codes available, they will not be able to log in to CyMetric, and CyMetric Support will need to be engaged to facilitate access. For security purposes, a very strict MFA reset policy has been defined to protect customer accounts from social engineering attempts to gain access to CyMetric. Please contact Caetra.io Customer Support to initiate the process: 833.955.4900.
DISABLE MFA: If a user would like to disable MFA for their account and MFA is NOT required by their organization, it can be disabled. Access the Security module via the process defined above and slide the Enable button to the left. Users will be prompted for an MFA token or recovery code to complete the process. If a valid token or code is not provided, MFA will not be disabled.