Difference between revisions of "Multifactor Authentication"
(→Using Multifactor Authentication in Charitylog) |
|||
(21 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
− | Multifactor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system | + | Multifactor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system. |
Instead of just entering a password (single-factor authentication), MFA adds extra layers of security by requiring additional factors, which typically fall into three categories: | Instead of just entering a password (single-factor authentication), MFA adds extra layers of security by requiring additional factors, which typically fall into three categories: | ||
− | + | *Something you know: This is usually a password or PIN. | |
− | + | *Something you have: This could be a smartphone, security token, or smart card. | |
− | + | *Something you are: This involves biometrics, such as a fingerprint, facial recognition, or voice recognition. | |
− | + | ||
+ | By combining multiple factors, MFA makes it much harder for unauthorised users to gain access, even if they have one of the factors, like your password. | ||
+ | |||
+ | == Using Multifactor Authentication in Charitylog == | ||
+ | |||
+ | There are two ways of using MFA in Charitylog. These are: | ||
+ | |||
+ | *'''SMS''' Using SMS requires you to create an account with [[TextAnywhere]] and purchase credits. Once done, users will be requested to enter a pin number when logging into Charitylog, which is sent to their mobile phone. | ||
+ | |||
+ | *'''Email''' Using Email requires you to set up you [[Email settings for sending emails]]. Once done, users will be requested to enter a pin number when logging into Charitylog, which is sent to their email. | ||
+ | |||
+ | To enable MFA, go to Logging in / System access under the Admin Menu. | ||
+ | |||
+ | [[File:m_fa.jpg|400px|alt="a screenshot of the logging in / system access button, highlighted in the admin menu."]] | ||
+ | |||
+ | Under the Security Rules section, you will find a field labelled "Require an additional PIN sent to the user to complete the login process". From this field you can select: | ||
+ | |||
+ | *'''Yes, all users''' This will require all users to enter a pin when logging in. | ||
+ | |||
+ | *'''Yes, selected groups only''' This allows you to define which user groups are required to enter a pin within [[Group Access Rights]] | ||
+ | |||
+ | The field below requires you to input a method. This is where you choose to use Email or SMS. | ||
+ | |||
+ | [[File:m_fa1.jpg|900px|alt="a screenshot of the security settings section, showing a field to record the method of mfa."]] | ||
+ | |||
+ | If you have chosen to only apply MFA to selected groups, you can record which groups are using it via the Group Access option in the Admin Menu. | ||
+ | |||
+ | [[File:m_fa2.jpg|400px|alt="a screenshot of the group access button, highlighted in the admin menu."]] | ||
+ | |||
+ | Select the name of the User Group you wish to enable MFA for. On the Group Options section, set "Is group required to use 2 factor authentication?" to "Yes". | ||
+ | |||
+ | [[File:m_fa3.jpg|900px|alt="a screenshot of the group access page, showing the group options section and the field to set that the group is require to use 2 factor authentication."]] | ||
+ | |||
+ | Once done, users will be requested to enter a pin when logging into Charitylog. That pin will either be sent to their mobile device via SMS, or to their Email. The user '''must''' have an Email address and Mobile number recorded in their user record for this to work. |
Latest revision as of 10:09, 29 August 2024
What is Multifactor Authentication (MFA)
Multifactor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system.
Instead of just entering a password (single-factor authentication), MFA adds extra layers of security by requiring additional factors, which typically fall into three categories:
- Something you know: This is usually a password or PIN.
- Something you have: This could be a smartphone, security token, or smart card.
- Something you are: This involves biometrics, such as a fingerprint, facial recognition, or voice recognition.
By combining multiple factors, MFA makes it much harder for unauthorised users to gain access, even if they have one of the factors, like your password.
Using Multifactor Authentication in Charitylog
There are two ways of using MFA in Charitylog. These are:
- SMS Using SMS requires you to create an account with TextAnywhere and purchase credits. Once done, users will be requested to enter a pin number when logging into Charitylog, which is sent to their mobile phone.
- Email Using Email requires you to set up you Email settings for sending emails. Once done, users will be requested to enter a pin number when logging into Charitylog, which is sent to their email.
To enable MFA, go to Logging in / System access under the Admin Menu.
Under the Security Rules section, you will find a field labelled "Require an additional PIN sent to the user to complete the login process". From this field you can select:
- Yes, all users This will require all users to enter a pin when logging in.
- Yes, selected groups only This allows you to define which user groups are required to enter a pin within Group Access Rights
The field below requires you to input a method. This is where you choose to use Email or SMS.
If you have chosen to only apply MFA to selected groups, you can record which groups are using it via the Group Access option in the Admin Menu.
Select the name of the User Group you wish to enable MFA for. On the Group Options section, set "Is group required to use 2 factor authentication?" to "Yes".
Once done, users will be requested to enter a pin when logging into Charitylog. That pin will either be sent to their mobile device via SMS, or to their Email. The user must have an Email address and Mobile number recorded in their user record for this to work.