Security with OperationsCommander

• Enhanced Admin Security: Multi-Factor Authentication (MFA) with OperationsCommander
• Resetting an Administrator's Forgotten Password

Enhanced Admin Security: Multi-Factor Authentication (MFA) with OperationsCommander

The OperationsCommander team has added a critical security layer for our Admin users: Multi-Factor Authentication (MFA)! This is Phase 2 of our MFA project; in Phase 1, we successfully delivered MFA for all user-side accounts. Phase 2 provides Primary Admins with three flexible control options (Hidden, Visible, or Required) and enables Admin Users to securely log in using an email-delivered One-Time Password (OTP). This significantly strengthens account protection, addressing a key security request from clients.

MFA is always mandatory for security-sensitive actions:

• Admin Account Creation
  

• Password Changes
  

You will receive an MFA email code for these actions, regardless of the system setting. If you don't receive the code, your email address may be missing or incorrect—please contact your administrator system admin for help.

There are 3 settings for the MFA functionality.

1. Hidden (required for security sensitive actions)
2. Visible (admin user's choice to use or not for non security sensitive actions)
3. Required (required for every login, and security sensitive action, this is the recommended option)

This setting is currently only configurable with the helps of support. If you wish to change the options on your site, contact support@ops-com.com

Here is how the prompt will look for your admin users:

Note: In OperationsCommander, the MFA email is a required security communication, and will be sent out to all users, even if they have unsubscribed from all email categories, on their user profile.

---

Originally requested on this community item!

Resetting an Administrator's Forgotten Password

From the Admin Login page click on Forgot your Username or Password to begin the process.

You will be prompted to enter your valid email address. This address must match the currently one that exists on the Admin user's Profile.

Once you have entered the email address click on Send Reminder to proceed.

The screen wil refresh and you will get a message indicating an email has been sent with a reset password link included.

This is a sample of what that email could look look like. This email can be edited and configured in Email Templates. See Lost Passwords.

The email link will take you to an interface where the admin will enter the email address discussed above and a new password.
The new password is required to be entered twice for confirmation.

Once a new password is chosen and entered, click on Reset Password to complete the process.

The admin will now be able to log in using the new password they entered.