Audience: Administrators Edition : Enterprise
Overview
Multi-Factor Authentication (MFA) is a security feature that adds an additional layer of protection to your account by requiring users to enter a unique code, in addition to their username and password, in order to sign in.
OrgChart users can enable MFA and use any popular authentication app (i.e. Google Authenticator) to access their account.
Admins can require users to use MFA, easily audit which users have MFA configured, and even override the requirement for certain users.
This article provides step-by-step instructions for enabling MFA in your OrgChart account.
Important
MFA does not interfere with SSO configurations or embedded web links. Users that access the application via SSO or via a link embedded in your company's intranet will not be asked to re-authenticate with MFA.
Enabling MFA
1. Click on the Details option on the top right and then click on the Preferences option.
2. The preference settings dialog box appears. Click on the Multi-Factor Authentication Settings.
3. Follow the three steps outlined in the MFA Settings dialog, and then click on Verify Code and Activate.
4. MFA is now activated.
Signing In with MFA
-
Navigate to your OrgChart server.
-
Enter your username and password, and then click on Sign In.
-
Open your authenticator app, and locate the entry for OrgChart.
-
Enter the unique six digit code into the text boxes, and then click on Sign In Securely.
Administering MFA
After an Admin configures MFA for themselves, they will have access to the following additional MFA options:
-
Require MFA for all users
-
Audit user MFA status
-
Email MFA setup links
-
Override the MFA requirement for certain users
Requiring MFA for All Users
Admins can require all users to use MFA in order to sign in to the application. We suggest that Admins prompt their users to set up their MFA before requiring it at the account level.
1. Click on the Settings button in the bottom right corner, and then select the Account Settings option from the list.
2. Navigate to Authorization panel and then check the Multi-factor authentication is required by your account admin checkbox.
Important
Admins have to configure MFA for themselves before they can require it for all users. If you have not yet configured MFA for your own user, you will be prompted to do so.
3. If some users have not yet configured MFA, the following alert is spawned:
Click on No to not require users to sign in with MFA. You can then audit user MFA status and contact those who still need to configure MFA. Reference the Audit User MFA Status section below for more information.
Click on Yes to require users to sign in with MFA. You can send one-time login emails to users that have not yet configured MFA, or override MFA for certain users. Reference the MFA Setup Link and Overriding MFA sections below for more information.
Note
Admins can easily audit the MFA status of each user in the Account Settings: Manage Users panel.
MFA Setup Link
Once MFA is required for users to sign in, Admins can send individual users a one-time login email containing MFA setup instructions directly from the Account Settings: Manage Users panel.
1. Navigate to Manage Users in account settings and then hover over the name of the user, click on the pencil icon besides it.
2. Click on the Email MFA Setup Link option.
3. An email containing setup instructions is sent to the user. The user's MFA status will update as soon as the user configures MFA.
Optionally, you can click on the Export users option in the top right corner to export an Excel Spreadsheet of your users. You can filter by MFA status in this report.
Overriding MFA
Admins can choose to override the MFA requirement for certain users in the Account Settings: Manage Users panel.
1. Navigate to Manage Users in account settings and then hover over the name of the user, click on the pencil icon besides it.
2. Check the Override Multi-Factor Authentication checkbox. The MFA Status is changed to 'Bypassed.'
3. Click on Save.
Note
MFA does not apply to users signing in to the application via SSO, or users who click on web links embedded in their intranet. You do not need to override MFA for users who sign in via SSO or for users that are attached to web links.
Comments
0 comments
Please sign in to leave a comment.