Why are we introducing MFA?
We are implementing Multi Factor Authentication to provide a second step of verification when logging in to BPOINT, this is to lower the risk of unauthorised access to the BPOINT platform.
Email only verification?
The initial implementation of this will be a one-time code sent to your registered email address for BPOINT.
Additional options are being reviewed for future enhancements to BPOINT.
How to Configure Multi-Factor Authentication.
- Log into BPOINT, as Administrator or Manager T1, and navigate to Settings, then, Manage Users.
On the upper right-hand section of the page, click Multi-Factor Authentication button.
- The Edit Multi-Factor Authentication settings form will pop-up.
Note that Multi-Factor Authentication is enabled by default.
Thus, the Enabled Multi-Factor toggle is greyed out.
Administrator/manager T1 users may set the MFA Timeout (hours) through this pop-up form.
How does BPOINT MFA work?
Once the [correct] login credentials have been provided in the BPOINT log on page, a BPOINT One-Time Code will be sent to linked user email address.
- The users will then be redirected to the Enter the one time code page.
Enter the code from the email and click Verify.
Can I enable/disable MFA for some users?
No. MFA configuration applies to all users.
What is MFA Timeout for?
After MFA one-time code has been verified, the timeout allows users to bypass MFA step for a specified period, as defined by the administrator or manager in the MFA “Timeout (hours)” configuration. (The default time set is 24 hours.)
e.g.
Admin/Manager T1 sets Timeout (hours) to 6 hours in Manage Users settings.
Users may then bypass MFA for 6 hours by ticking the Don’t ask again tickbox in the Enter the One-Time code page.
When activated, is MFA being required when resetting the password?
Yes. Once the user clicks on the password reset link, the one-time code will be sent via email and the user will be redirected to the Enter the One-time code page.