Multi-Factor Authentication
To enable Multi-Factor Authentication (MFA) and start using one-time passwords, follow these steps:
Quick Step List
-
Login then click on your name. In the dropdown click Security.
- Click the Change Multifactor Authentication Settings to open the Multi-Factor Authentication settings page.
- Choose to disable MFA or enable one-time passwords.
-
Click on Send One-Time Password To Email then go into your email and copy your one time password.
- Enter your one-time password as well as your current password then click Submit.
The one-time password is only valid for 15 minutes. If the password has expired, a new one will be generated.
Step-by-Step Instructions
Enabling MFA
- Log In to the System: Login then click on your name. In the dropdown click Security.
- Access Security Settings: Find the Multi-Factor Authentication Section. This section shows the current MFA status and includes a button to manage the settings.
- Manage MFA Settings
Click the Change Multifactor Authentication Settings button at the bottom of the page to open the Multi-Factor Authentication settings.
Managing MFA Settings
-
Access MFA Settings Page:
On the Multi-Factor Authentication settings page, you can either:- Disable MFA, or
- Enable one-time passwords.
-
Save Your Changes:
To save your changes, click on the Send One-Time Password To Email then enter:- Your current password, and
- A one-time password (OTP).
-
Send a One-Time Password (OTP):
- To receive an OTP, click the button to send it to your registered email address.
- The OTP will be sent to you by email and is valid for 15 minutes.
- After 15 minutes, the OTP expires, and you will need to generate a new one.
-
Enter the OTP:
- Enter the OTP in the box below the current password field.
- Press Submit to confirm your changes and update your MFA settings.
OTP Expiry: Any unused OTPs will be invalidated if a new OTP is generated, even if they haven't expired yet.
OTP Email Format: The OTP email will follow the template set for your account.
Session Storage: Once you enter an OTP, it is stored in your session data. If you clear your browser's local storage, you'll need to enter a new OTP.
Different Devices: OTPs do not persist across different browsers or devices. If you log in from another device, you'll be prompted to enter a new OTP.
Logging In with MFA
-
Login as Usual:
Enter your username and password as normal. -
OTP Prompt:
After logging in, you'll be prompted to enter a one-time password. -
Accessing Other Pages:
You will be redirected to the OTP screen when accessing any page other than:/login
– Login page/logout
– Logout page/one_time_password
– OTP entry screen/account/send_email
– Send OTP email/account/multiauth
– Multi-auth settings page
-
Complete OTP Entry:
Enter your OTP, submit it, and you'll be able to access the rest of the site.