Multi-factor authentication for Business and Consumer Portal
Summarize
Summary of Multi-factor authentication for Business and Consumer Portal
Enabling multi-factor authentication (MFA) for Business and Consumer portal users enhances the security of self-service web portals by requiring users to provide more than one form of credentials during login. This added layer of security helps protect access from potential vulnerabilities.
Show less
Key Features
- Enable or disable MFA: Controlled by the property
glide.authenticate.multifactor, which allows administrators to activate MFA for users. - Bypass setup count: The property
glide.authenticate.multifactor.setup.bypass.countdefines how many times users can skip setting up MFA, allowing limited login access without a mobile device. The default is 3 bypasses. - One-time code validity: Configured with
glide.multifactor.onetime.code.validity, this sets the time (in minutes) that a one-time passcode sent to a user’s email remains valid, defaulting to 10 minutes. - Clock skew adjustment: The
glide.authenticate.multifactor.clockskewproperty allows a time window (up to 60 seconds) to accommodate clock differences between the code generator and the server, enhancing successful code validation.
Configuration Guidance
To enforce MFA for specific user groups, add the external role sncustomerservice.customer to the multi-factor roles list. This ensures that users with this role must use MFA when accessing the portals.
Enable multi-factor authentication for Business and Consumer portal users so that access to the self-service web portals is more secure from potential vulnerabilities.
Multi-factor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials. For more information, see Multi-factor authentication.
Multi-factor authentication properties
| Property | Description |
|---|---|
| Enable Multi-factor authentication [glide.authenticate.multifactor] |
Select this check box to allow users and administrators to use this feature.
|
| Number of times a user can bypass setting up multi-factor authentication
[glide.authenticate.multifactor.setup.bypass.count] |
Enter a number that represents how many times a user can choose to skip the
additional passcode requirement. This gives your users the ability to still log in the
instance if they do not have their mobile device with them. If you disable this feature and
then re-enable it, the counter starts over again.
|
| The time in minutes, the one time code sent to user's email address is valid
for [glide.multifactor.onetime.code.validity] |
Enter a number in minutes that specifies how long the reset code is valid. See Log on with multi-factor
authentication.
|
| Additional time in seconds for which the code will be valid to accommodate for the
clock skew. Max value is 60
seconds. [glide.authenticate.multifactor.clock_skew] |
Enter a number in seconds with a maximum of 60. By default,
the instance validates the code entered by the user against the single app-generated code
generated at whatever the current time - x/2 and current time + x/2, where 'x' is
the value of this property. If you use the value of 10, for example, the
instance considers any codes generated by the app between the time range [the
current time - 5 seconds] and [current time + 5 seconds] to be
valid. Use this property to prevent log in issues where the user is unable to enter the correct code in the default time allotted. |
Configure roles for multi-factor authentication
Add the external role sn_customerservice.customer to the multi-factor roles.
Users with this role is required to use multi-factor authentication. For more information, see Configure user-based multi-factor criteria.