Configure Multi Factor Authentication
MFA (Multi-factor Authentication) is an authentication method that requires a user to provide two or more verification factors in order to obtain access to a resource. Fullcast MFA strengthens the user verification process and enhances the protection of user data.
The authentication methods of fullcast are furnished with two kinds of MFAs. They are:
- Google Authenticator - requires an authenticator application to authenticate through Google's QR code
- Email MFA - authentication is done through registered email
Note
Only tenant admins have the authorization to reset the MFA of an user.
Configuring MFA
- The tenant admin could enable MFA for the user while adding him. By default, the MFA field for the user is N/A while addition.
- Alternatively, the tenant admin could also enable the MFA field of the user after he gets added by using the edit option.
Enable multifactor at Tenant Level
To enable MFA for a particular user, it is also required to enable multifactor authentication at the user's Tenant level. To do that, you need to do the following:
- Go to the Settings tab near User Management.
- Select Enforce Multifactor Authentication checkbox from the Multifactor Authentication section.
Authentication Scenarios
Depending on the MFA settings provided in the User settings and the Tenant Settings as described above, there could be four scenarios in authentication:
User MFA | Tenant MFA | Passcode |
N/A | Enabled | Required |
Enabled | Enabled | Required |
Disabled | Enabled | Not Required |
Disabled | Disabled | Not Required |
Authenticate using Google Authenticator
When for the very first time, a user's multifactor authentication is activated, the user has to go through the following steps:
- Enter the username and password
- Select Try another method
- Select Google Authenticator or similar
- Scan the QR code with your preferred authenticator app and enter the passcode generated in your phone
- Once you press continue, you are authenticated and you can access the application.
Authentication Passcode
From this time onwards, whenever you try to log in, you'll be asked to enter a passcode which you can find in your authenticator application.
Remember Passcode
If you tick the checkbox of Remember this device for 30 days, the login will not ask for a passcode for the coming thirty days. This option shows up only if in your Tenant Settings, Remember Browser checkbox is ticked.
Authenticate through registered email
Using your registered email id, you can authenticate your identity as well. If you select Try another method as shown in the figure above, a new page shows up asking to select Email for verification:
- Selecting Email will send a verification code to your registered email id and a page will show up as shown below to fill the code:
- After entering the code, press Continue, and your verification is completed giving you access to the fullcast application.