Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. In this instance, this is achieved by the user also using either the Google or Microsoft Authenticator app. For more information about the Google Authenticator app, refer to the Google Authenticator website. Alternatively, refer to the Microsoft Authenticator website for further information.
This section describes how to set up and configure MFA.
For MFA to be configured, 2 Factor authentication needs to be enabled at Base Group Admin. Please contact AMAG Technical Support for more details or support if required.
MFA/2FA Configuration (Base Group Settings)
The user must have Base Group Admin access rights to complete MFA configuration.
Navigate to the IDM > Impersonation section. Click the Impersonation button to enter the configuration section.
Click the Features Configuration icon (cog) next to the application that requires configuration.
Click on the 2 Factor Configuration option to enter the Features Configuration section.
Toggle the 2FA (2 Factor Authentication) option to the ON position to activate the function.
Once selected, you will be presented with the following:
Authentication App Display Name: This will allow the users to customize the app name which is displayed when configuring MFA/2FA in their chosen Authentication App (Google or Microsoft).
Disable Group Level Override: This setting determines whether an IDM Administrator can turn the MFA/2FA process On or Off from inside the IDM product.
OFF - IDM administrators must enable MFA/2FA within the settings for IDM > Configuration > Settings > Authentication Policy > Require Two Factor Authentication.
ON - Users will not have control of the setting in IDM, and MFA/2FA will be mandated for all first-time logins once the Group settings are saved.
Click the Confirm button to save and apply the configuration, or click the Cancel button to delete and cancel the configuration.
Group Settings (Disable Group Level Override - OFF)
If the Group Level Override has been set to OFF, IDM Administrators can enter the IDM product and set up MFA/2FA using the setting below.
Navigate to IDM > Configuration > Settings > Authentication Policy > Require Two Factor Authentication (refer to the Authentication Policy for further information).
Once configured, first-time logins for all users will require the setup of MFA/2FA with either the Microsoft or Google Authentication Applications. This process is detailed within the Microsoft or Google Authentication Applications.
On the first login attempt, the user will be prompted to scan the provided QR code with their preferred Google or Microsoft mobile authenticator app.
Follow the instructions as prompted by the Google or Microsoft Authenticator app.
Once the MFA/2FA setup has been completed, the authenticator app will provide the user with a code. Enter this code in the field below the QR code to complete the MFA/2FA setup. Click the Verify button to verify the code.
Once the code has been entered and verified, the user will be logged into IDM.
MFA/2FA Authenticator and Password Resets
If a user requires their MFA/2FA to be reset, IDM Administrators can navigate to IDM > Identities. Select the identity that requires its MFA/2FA to be reset. Scroll to the bottom of the identity details page and locate the Reset 2FA button. Click the Reset 2FA button. The user will then be prompted to set up 2FA again using the process above.