Skip to main content
All CollectionsPulseway PSAGeneral
Enabling Multi-Factor Authentication in PSA
Enabling Multi-Factor Authentication in PSA
Tara Bennet avatar
Written by Tara Bennet
Updated over 2 years ago

Introduction

The Pulseway PSA implements Multi-Factor Authentication (MFA) aiding in enhanced security. Administrators can enforce MFA on all users or end users can enable this in their profiles.

You can use any generic authenticator products like Passly, Google Authenticator, Duo, and others. You can use your organization's IDP to implement this extra security or use the built-in service by PSA to enforce MFA.

Prerequisites

  • An active employee or contact in the system.

  • An authenticator application on your mobile device.

Features

  • Enforce MFA for few or all users.

  • MFA will work in parallel with your current SSO and SAML IDP authentications.

  • MFA enabled/disabled value columns are listed in Employee and Contact listing pages.

  • MFA can be disabled for multiple users at once using batch actions under Contacts.

Setup

As an Admin :

  1. In PSA, navigate to Admin > My Company > Auth and Provision

  2. Require MFA for non-SSO users: Yes

Existing SSO users :

Enabling MFA for non-sso users button applies MFA on all the login accounts. If the user has an existing SSO, they would still have to log in to their profile and enable MFA. This is a one-time setup for SSO users. MFA will not be asked for any subsequent logins.

  • SSO Provider interface > PSA App > My Settings > Enable MFA > Logout of PSA

  • SSO Provider interface > PSA App > Loads PSA profile using SAML

Authentication will show MFA enabled, and the user authentication type under HR for this user will be SAML SSO.

As an end-user :

  1. Open "My Settings page", Enable MFA

  2. Once MFA is enabled for an account, you will have to set up your mobile device to help you generate code during your next login.

    • Scan the QR code shown on your screen

    • Generate code, use it in the" Verify MFA Code" box, click Enable.

If your app doesn't support a code scanner you can also use the following steps to configure the code manually.

  1. Click on the "Show secret Key for manual configuration"

  2. On your device, Add a new setup key and use the secret token from PSA.

mceclip2.png

Once MFA is enabled, you will also see an option to generate an MFA recovery, Click on the link and save the code somewhere secure.

mceclip0.png

Note: On your next login, you will be prompted for your Username, Password, and authentication code OTP generated by an authenticator application. Change in authentication type requires users to refresh their logged-in session.

mceclip0.png

Reset MFA

  • Reach out to someone with an Administrator role in the system, and have them reset your MFA.

  • Reset path : Navigate to Admin > HR >Employees if the user is and employee and Contacts > CRM > Contact> Client portal access for a client portal user.

  • Choose Reset MFA. You will be asked to set up MFA again on your next login.

mceclip5.png

Disabling MFA for a Client Portal User

  1. Go to CRM > Contacts > Batch Action.

  2. Select the contact for which MFA for the client portal needs to be disabled.

  3. Click Next > Update.

  4. Click Yes next to Disable MFA field.

  5. Click Confirm.

Did this answer your question?