Multi-Factor Authentication

MFA (Multi-factor Authentication) is an authentication method that requires a user to provide two or more verification factors in order to obtain access to a resource. Fullcast MFA strengthens the user verification process and enhances the protection of user data.

The authentication methods of fullcast are furnished with two kinds of MFAs. They are:

  • Google Authenticator - requires an authenticator application to authenticate through google's QR code
  • Email MFA - authentication is done through registered email

Understanding users in fullcast

To understand multifactor authentication, it is required to understand the users in the fullcast platform. There are primarily two kinds of users on the fullcast platform:
a. Standard user
b. Tenant Admin

A Tenant Admin can perform edit, delete, block a user and reset multifactor actions as shown in the figure below on any user's account; whether it is a standard user or a tenant admin. On the other hand, a standard user doesn't have these privileges.

Editing an account

While editing an account, the following actions shows up to be performed:

  1. You can assign the privilege of being a Tenant Admin to an account by selecting the Yes radio button. You can withdraw the privilege by selecting No, and the account holder becomes a standard user.
  2. In the dropdown in the Multifactor Authentication, there are three options to be selected. You can enable or disable Multifactor Authentication for that user by selecting the same. The N/A stands for not available, defining that multifactor authentication is not available for that user.

Enable multifactor at Tenant Level
To enable MFA for a particular user, it is also required to enable multifactor authentication at the user's Tenant level. To do that, you need to do the following:

  1. Go to the Tenant Settings tab.
  2. Inside Tenant Settings, you can enable Multifactor Authentication by selecting the Enforce Multifactor Authentication checkbox as shown in the figure below:

Authentication Scenarios
Depending on the MFA settings provided in the User settings and the Tenant Settings as described above, there could be four scenarios in authentication:

📘

Scenarios

User Multifactor Authentication - N/A, Tenant Multifactor Authentication - Enabled
Passcode required

User Multifactor Authentication - Enabled, Tenant Multifactor Authentication - Enabled
Passcode required

User Multifactor Authentication - Disabled, Tenant Multifactor Authentication - Enabled
Passcode is not required

User Multifactor Authentication - Disabled, Tenant Multifactor Authentication - Disabled
Passcode is not required

Authenticate using Google Authenticator

When for the very first time, a user's multifactor authentication is activated, the user has to go through the following steps:

  1. Enter the username and password
  2. Select Try another metho
  3. Select Google Authenticator or similar
  4. Scan the QR code with your preferred authenticator app and enter the passcode generated in your phone
    Once you press continue, you are authenticated and you can access the application.

📘

Authentication Passcode

From this time onwards, whenever you try to log in, you'll be asked to enter a passcode which you can find in your authenticator application.

📘

Remember Passcode

If you tick the checkbox of Remember this device for 30 days, the login will not ask for a passcode for the coming thirty days. This option shows up only if in your Tenant Settings, Remember Browser checkbox is ticked.

Authenticate through registered email
Using your registered email id, you can authenticate your identity as well. If you select Try another method as shown in the figure above, a new page shows up asking to select Email for verification:

  1. Selecting Email will send a verification code to your registered email id and a page will show up as shown below to fill the code:
  2. After entering the code, press Continue, and your verification is completed giving you access to the fullcast application.