What is MFA and Why is it Important?
Multifactor Authentication (MFA) adds an additional layer of security by requiring users to verify their identity through a second method, such as a mobile app, beyond just a password. This security step is essential for protecting sensitive data and preventing unauthorized access, especially in organizational settings where multiple users may access the system. Enabling MFA is a proactive way to strengthen account security and safeguard information.
How to Set Up MFA (Personal Setup)
To set up MFA personally:
Click on your avatar icon in the upper-right corner of the page.
Select Profile.
Go to Password and Security.
Toggle the MFA switch from OFF to ON.
A barcode and backup codes will appear. Scan the barcode using the Google Authenticator app on your mobile phone.
Use backup codes when you cannot access your phone; each code is single-use.
Note: Every time you turn MFA OFF and then back ON, a new barcode is generated. Make sure to scan the new barcode, as the old code will no longer work.
Enforcing MFA for All Members as an Admin
As an Institution Admin or Admin, you can enforce MFA for all team members. This process will prompt users without MFA to set it up after their next login. Users who already have MFA will not be affected.
You can review each member’s MFA status by checking the team members table. If MFA is enforced for all members, the lock icon next to the MFA button on the team member page will appear locked. If the lock icon is open, MFA is not required for all members.
Set MFA for Individual Members
To require MFA for a specific member:
Go to the Team Members page.
Select the team member’s name.
In the left sidebar, locate the MFA section.
Toggle the MFA switch ON to require MFA for this member or OFF to remove the requirement.
Once MFA is required, the member will be prompted to set it up upon their next login unless they have already completed setup.
Enforce MFA for All Members
To enforce MFA for all members:
Go to the Team Members page.
Click the Multi-factor Authentication button.
Confirm by clicking Enable in the dialog.
Setting MFA Requirement When Adding a New Member
Both Admin and Institution Admin users can require MFA at the time of adding a new member:
Click Add People.
Check the Require MFA box.
Note: If MFA is already required for all members, any new member added will automatically be required to set up MFA. In this case, the checkbox will be pre-selected and disabled to ensure consistency across the organization.
Resetting MFA for Specific Members
Admins can reset MFA for members who, for example, lose their phone or accidentally reset their MFA and cannot log in. Resetting MFA allows the member to reconfigure it upon their next login.
Enforce MFA for All Organizations within an Institution
As an Institution Admin, you have the additional capability to enforce MFA across all organizations within the institution.
Go to Institution Portal > Access Tab.
Click the Multi-factor Authentication button.
Confirm by clicking Enable in the dialog.
By enabling MFA across your organization or institution, you ensure that every member has an additional security step, enhancing the overall protection of sensitive information. Setting up and managing MFA as a security standard safeguards your data, keeps unauthorized access in check, and helps maintain a secure environment for everyone involved.