Two-factor authentication for user accounts
Click here to see this page in full context

 

Two-factor authentication for user accounts

Two-factor authentication (2FA) provides protection against unauthorized login attempts by adding a second factor of authentication to the Miradore login.

Supported account types

All user accounts in Miradore Management Suite support two-factor login.

Enforced two-factor authentication for all users

Administrators can enforce two-factor authentication for all users (System settings > Main > Password policy settings > Require two-factor authentication). When enabled, users will be prompted to setup the 2FA when they try to login to Miradore next time.

Voluntary two-factor authentication

If administrators don't want to enforce the use of the 2FA, users can still activate the two-factor authentication for their own user accounts on a voluntary basis.

How users can enable two-factor authentication for themselves

Any user can enable two-factor authentication for his/her account by following the steps below:

  1. While logged in, open "My account settings".

  2. Switch into "Edit" mode and click the button on the "Two-factor authentication" row to enable two-factor authentication.

  3. Install an authenticator application (e.g. Google Authenticator) or browser plug-in of your choice for yourself, and use the given authentication key or QR code to add Miradore Management Suite to your authenticator. After that, enter your Miradore Management Suite login password and an authentication code from your authenticator solution to the popup and click Enable to activate the two-factor authentication for your account.

  4. Finally, save the account settings and you're done. Next time when you log in, you are asked to enter both password and an authentication code in the login screen.

Disabling two-factor authentication

If administrator has not enforced the use of 2FA system wide, then users can disable two-factor authentication for their account through "My account settings". While doing so the user must be able to provide both the login password and the authentication code.

Administrators can disable two-factor authentication for any account in the Administration > Permissions > Two-factor authentication view that lists all user accounts that have two factor-authentication activated. To do that, administrator first needs to select the desired user accounts and then choose Tools > Disable two-factor authentication in the view's Tasks menu.

What if user loses his/her authenticator?

If a user loses or is no more able to access his/her authenticator, he/she can request administrators to disable the two-factor authentication by using the Lost your authenticator? link that is provided in the second step of the login process.

Administrators see two-factor authentication disable requests in the Two-factor authentication view by checking the value of the Reset requested column.

A two-factor authentication disable request also gets automatically reset back to value "No" if the user performs a successful login which means that he/she has found his/her authenticator.

Related to

User management

 

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.