Multi-Factor Authentication
To enable Multi-Factor Authentication (MFA) and start using one-time passwords, follow these steps:
Quick Steps:
-
Login then click on your name. In the dropdown click 'Security'.
- Click the 'Change Multifactor Authentication Settings' to open the 'Multi-Factor Authentication' settings page.
- Choose to 'Disable MFA' or 'Enable One-Time Passwords'.
-
Click on 'Send One-Time Password To Email' then go into your email and copy your one time password.
- Enter your one-time password as well as your current password then click 'Submit'.
The one-time password is only valid for 15 minutes. If the password has expired, a new one will be generated.
Step-by-Step Instructions:
- Log In to the System: Login then click on your name. In the dropdown click 'Security'.
- Access Security Settings: Find the 'Multi-Factor Authentication' section. This section shows the current MFA status and includes a button to manage the settings.
- Manage MFA Settings: Click the 'Change Multifactor Authentication Settings' button at the bottom of the page to open the 'Multi-Factor Authentication' settings.
-
Access MFA Settings Page: On the 'Multi-Factor Authentication' settings page, you can either: 'Disable MFA', or 'Enable One-Time Passwords'.
-
Save Your Changes: To save your changes, click on the 'Send One-Time Password To Email' then enter: Your current password, and A one-time password (OTP).
-
Send a One-Time Password (OTP): To receive a OTP, click the button to send it to your registered email address.
The OTP will be sent to you by email and is valid for 15 minutes.
-
Select your OTP option: Select your OTP option from the picklist below the current password field. Press 'Submit' to confirm your changes and update your MFA settings. These are your choices:
- OTP Expiry: Any unused OTPs will be invalidated if a new OTP is generated, even if they haven't expired yet.
- OTP Email Format: The OTP email will follow the template set for your account.
- Session Storage: Once you enter an OTP, it is stored in your session data. If you clear your browser's local storage, you'll need to enter a new OTP.
- Different Devices: OTPs do not persist across different browsers or devices. If you log in from another device, you'll be prompted to enter a new OTP.
-
Logging In with MFA: Login by entering your username and password as normal.
-
OTP Prompt: After logging in, you'll be prompted to enter a one-time password.
-
Accessing Other Pages: You will be redirected to the OTP screen when accessing any page other than:
/login
– Login page/logout
– Logout page/one_time_password
– OTP entry screen/account/send_email
– Send OTP email/account/multiauth
– Multi-auth settings page
-
Complete OTP Entry: Enter your OTP, submit it, and you'll be able to access the rest of the site.