Skip to main content

Enhanced Admin Security: Multi-Factor Authentication (MFA) with OperationsCommander

Multi-Factor Authentication (MFA) provides a critical layer of security for OPS-COM administrator accounts by requiring an email-delivered One-Time Password (OTP). Its primary purpose is to significantly strengthen account protection and prevent unauthorized access to sensitive system data. This article is intended for OPS-COM administrators.

Setup and Configuration

The MFA feature offers three distinct configuration levels for your organization's administrative portal. Currently, modifying your site's overall MFA setting requires assistance from our team. If you wish to adjust your configuration, please contact support@ops-com.com.

Available Configuration Options

  • Hidden: MFA is strictly required for security-sensitive actions only. It will not appear during a standard login attempt.

  • Visible: Administrators are given the choice to use MFA during standard logins. It remains mandatory for security-sensitive actions.

  • Required: MFA is mandatory for every administrator login and all security-sensitive actions.

Using this Feature

Depending on your organization's configuration, you will interact with the MFA prompt during the standard login process or when performing critical account updates.

Authenticating a Login

When MFA is set to Visible or Required, the system will prompt you to authenticate your identity after entering your username and password.

  1. Enter your standard administrator credentials on the login screen.

  2. Check your associated email inbox for the automatically generated One-Time Password (OTP).

  3. Enter the OTP into the provided MFA prompt on the screen to access the administrative portal.

Mandatory Security Actions

Regardless of your site's overall MFA configuration level (Hidden, Visible, or Required), an OTP is always mandatory when performing the following security-sensitive actions:

  • Admin Account Creation

  • Password Changes

Originally requested on this community item!


Best Practices and Considerations

  • Enforce Maximum Security: Organizations should use the Required setting as their standard business rule. Mandating MFA for every administrative login provides the highest level of protection against compromised credentials and unauthorized system access.

  • Verify Email Addresses: If an administrator does not receive their MFA code, their email address may be missing, outdated, or misspelled on their user profile. They must contact a primary system administrator to have their profile updated before they can log in.