Enhanced Admin Security: Multi-Factor Authentication (MFA) with OperationsCommander
Multi-Factor Authentication (MFA) provides a critical layer of security for OPS-COM administrator accounts by requiring an email-delivered One-Time Password (OTP). Its primary purpose is to significantly strengthen account protection and prevent unauthorized access to sensitive system data. This article is intended for OPS-COM administrators.
Setup and Configuration
The MFA feature offers three distinct configuration levels for your organization's administrative portal. Currently, modifying your site's overall MFA setting requires assistance from our team. If you wish to adjust your configuration, please contact support@ops-com.com.
Available Configuration Options
Using this Feature
Depending on your organization's configuration, you will interact with the MFA prompt during the standard login process or when performing critical account updates.
Authenticating a Login
When MFA is set to Visible or Required, the system will prompt you to authenticate your identity after entering your username and password.
-
Enter your standard administrator credentials on the login screen.
-
Check your associated email inbox for the automatically generated One-Time Password (OTP).
-
Enter the OTP into the provided MFA prompt on the screen to access the administrative portal.
Mandatory Security Actions
Regardless of your site's overall MFA configuration level (Hidden, Visible, or Required), an OTP is always mandatory when performing the following security-sensitive actions:
-
Admin Account Creation
-
Password Changes
In OperationsCommander, the MFA email is classified as a mandatory security communication. These authentication emails will always be sent to the administrator, even if they have explicitly unsubscribed from all email communication categories on their user profile.
Originally requested on this community item!
Best Practices and Considerations
-
Enforce Maximum Security: Organizations should use the Required setting as their standard business rule. Mandating MFA for every administrative login provides the highest level of protection against compromised credentials and unauthorized system access.
-
Verify Email Addresses: If an administrator does not receive their MFA code, their email address may be missing, outdated, or misspelled on their user profile. They must contact a primary system administrator to have their profile updated before they can log in.