Multi-Factor Authentication (MFA)

A guide to setting up Multi-Factor Authentication (MFA) for use with the dashboard.

Multi-Factor Authentication is an authentication method that requires users to provide 2 or more verification factors to be granted access to the application. In the context of the dashboard, users will be required to identify themselves with more than a username and password.

MFA functionality was introduced to the dashboard in the August 2023 release. A number of options have been added to allow users to set up MFA for the dashboard. This guide covers all the available options, together with a thorough description of the new MFA-related features in the UI and API, and certain limitations.

The main areas in the dashboard that deal with MFA are:

  • Users Panel

  • User Account Info Panel

  • Security Configuration

Users Panel

An option to control the MFA status and setup on a per-user basis has been added to the Users Panel in Dashboard Configuration.

The MFA panel reflects the user’s MFA setup, and the options displayed will match the user’s current situation.

Example 1:

Options:

Require MFA Checkbox: if not checked, the user will not need to set up or use MFA the next time they log in.

MFA Status: represents the current status of this user’s MFA setup. If ‘Inactive’, the user has not successfully set up MFA for the dashboard.

Example 2:

Options:

Require MFA Checkbox: if checked, the next time this user logs in, they will be prompted with a new QR code to add to their authenticator application. They will then need to provide a valid verification code to log in to the dashboard.

MFA Status: represents the current status of this user’s MFA setup. If ‘Active’, the user has successfully set up MFA for the dashboard.

Deactivate MFA checkbox: if ticked, the user will have to go through the MFA setup again and will be prompted with a new QR code the next time they log in if the ‘Require MFA’ checkbox is also ticked. If ‘Deactivate MFA’ and ‘Require MFA’ are both unticked, the user will not need to use MFA for the dashboard.

User Account Info Panel

An option has been introduced to activate or deactivate the MFA setup for your current user in the User Account Info Panel:

The MFA section reflects your user’s current MFA setup, and the options displayed will match that setup.

Example 1:

Options:

MFA Status: represents the current status of this user’s MFA setup. If ‘Inactive’, the user has not successfully set up MFA for the dashboard.

Activate MFA checkbox: if ticked, your current user will be prompted with a new QR code to add to their authenticator application. They will then need to provide a valid verification code to log in to the dashboard. Please note that you will have to confirm your password and click on ‘Save Details’ to be redirected to MFA setup.

Example 2:

Options:

MFA Status: represents the current status of this user’s MFA setup. If ‘Active’, the user has successfully set up MFA for the dashboard.

Deactivate MFA checkbox: if ticked, your current user will no longer be able to use their current MFA setup to log in to the dashboard. Please note that you will have to confirm your password and click on ‘Save Details’ to disable the current MFA setup for this user.

Global Settings

If you wish to require all your users to set up MFA for authentication, we provide an option to do so in the Security Configuration panel on the global settings screen. The checkbox ‘Require Users to Use Multi-Factor Authentication’ enforces the use of MFA for all users in the dashboard, including your current user. If checked, the ability to control MFA setup on a per-user basis will be disabled in the Users panel.

Options:

Checked: if the users have no previous MFA setup, the next time they try to log in they will be prompted with a new QR code to scan with their authenticator application, so that they can provide a verification code to log in to the dashboard. If they have previously set up MFA successfully and their MFA status is active, the users will be presented with a panel to provide a verification code and no new QR code.

Unchecked: users with a current MFA status of ‘Inactive’ will not be asked to set up MFA the next time they log in. Users that have ‘Active’ status will be required to enter a verification code to log in to the dashboard, unless their status is changed in the Users or User Account panels.

UI for MFA

If the users are required to use MFA to log in to the dashboard, the next time they log in they will be prompted with the MFA screen. The screen display will depend on the user’s MFA status.

MFA Status: Inactive - the user does not have an active MFA setup and has been required to set up a new one in order to log in to the dashboard.

MFA Status: Active - the user has an active MFA setup and has been required to use MFA to log in to the dashboard.

Security

We recommend requiring all dashboard users to use Multi-Factor Authentication to log in to the dashboard.

If you wish to check the current status of MFA setup across all your users, you can check the information in the Security Centre. If you have some users with no active MFA setup, you will receive a warning displaying the total number of users with no MFA setup.

Current Limitations / Potential improvements for the future

Both of the points below will be considered for future improvements to the MFA feature.

  • The current MFA functionality only applies to users logging in with a username and password. External authentication such as OpenID Connect is not currently supported. In addition, user accounts with MFA configured won’t be able to use the Dashboard API.

  • No recovery code is available with the current implementation. Future improvements will include adding an option to get a recovery code if the device used to generate MFA is lost.