Multi Factor Authentication, or MFA, adds an extra layer of security to your log in for iKnow. Now, once you have entered your username and password, you have the option to be sent an email, or to use the Google Authenticator app, to confirm that you are logging in legitimately.
If MFA is switched on for your site, the first time you log in, you will receive an email with a code, which you will need to enter to confirm your details.
Once logged in, you can choose to continue using email, to use Google Authenticator or have both activated. If you have both activated, the system will default to use Google Authenticator, but you will be able to choose to Use Email instead.
To make your choice, you will need to click Me at the top of the Dashboard.
You’ll then need to click the Multi Factor Authentication button on the right of the page.
Once you’ve entered your password, you’ll see a window where you can choose which MFA method you would like to use. Users can also generate Recovery Codes which can be used should the user not have access to the Google Authenticator app or their email. This will generate 16 single use recovery codes and these can be regenerated if they are all used or lost. Once you’ve made your selections, click the Save button.
If you choose to use Google Authenticator, you will need to download the Google Authenticator app from your app store and then link your iKnow site to the app. Once you’ve done this, the app will generate a random code, which is changed every 30 seconds, which you will need to enter after entering your log in details.
Administrators can set who will be required to use MFA by going to Settings and clicking Security.
They can then choose whether want only users within the Administrator Role to be required to use MFA, or if all users with more than View Only access to any module will be required to use it. They will also have the option to turn MFA off completely.
Administrators will also be able to see any successful logins, and any failed attempts to login, to iKnow.
If a user is not in a group that is required to use MFA, they will still have the option to switch it on for their own log in. This can be done by going to Me on the Dashboard, once they’ve logged in to iKnow. They will then be able to click the Multi-Factor Authentication button on the right, choose to activate MFA and which method they would like to use. They will also be able to generate Recovery Codes which can be used should the user not have access to the Google Authenticator app or their email.