Configuring Multi-Factor Authentication on the User Portal

Multi-Factor Authentication (MFA) adds a crucial second layer of security to user accounts in OPS-COM, significantly enhancing protection against unauthorized access. Currently, the primary method implemented is the use of one-time passwords (OTPs) sent via email. This article outlines how administrators can configure MFA at the system level and how users interact with this enhanced security feature on their portal.

Setup & Configuration

Implementing MFA involves administrator-side configuration within System Settings and customizing the associated email template.

Admin Side Configuration

One-time passwords will not be available on the user portal until enabled within System Settings.

  1. Hover over System Configuration and click System Settings.
  2. On the User Profile tab, click Enable Multi-Factor Authentication.

If this setting is not available for you to change, please have your primary Admin contact support@ops-com.com to have it turned on.

This is a ternary setting, meaning it has three different states, allowing for flexible control over MFA implementation:

Email Template Configuration

The content of the one-time password email sent to users is defined within a dedicated email template.

  1. Hover over System Configuration, Content & Designs and click Email Templates.
  2. Locate and edit the One-Time Password Email Template.

Here, administrators can define the message and branding of the email. In addition to general user-specific shortcodes, this template includes specific shortcodes for OTP details:

One-time passwords always expire after 15 minutes. This cannot be changed.

jYLimage2.jpg


Using this Feature

User-Side MFA Management

Users can enable and manage their one-time password settings from their security page (formerly the passwords page). Refer to this wiki article to see the steps involved.

The state of the user's one-time password verification is stored in the local storage of their session data. If the local storage is cleared (e.g., clearing browser cache), they will have to enter another one-time password. The MFA verification does not persist across different web browsers or devices, meaning the user will have to enter a new one-time password if they try to log in using another browser or device.


Best Practices & Considerations


Revision #5
Created 9 October 2024 08:02:29 by Co-op Student
Updated 19 June 2025 09:56:30 by Cedar Boulianne