Feature - EP-3559 Multi Factor Authentication in epaPRO
NEW PERMISSIONS SETUP REQUIRED TRAINING RECOMMENDED screen changes
We added Multi-Factor Authentication (MFA) to the epaPRO login process in release 5.07.0 on Feb 28, 2023. In this initial release, authentication was by “app” only.
Loaded to Production in release 5.08.0
On Apr 25, 2023 we added authentication via Email and SMS.
Overview
We have now extended the Multi-factor Authentication (MFA) functionality to include email and SMS as authentication methods.
Changes to Functionality
Users can now configure email and SMS (where system settings permit) as authentication methods via their User Profile screen. For these authentication methods the system generates a 6-digit code that is sent to the user by either email or SMS, which they then need to enter to authenticate.
The code can be used for ten minutes after it is sent, after which it expires. The user then needs to request a new one via the 'Resend Code' button when they authenticate.
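The code lifecycle described above (6-digit code, ten-minute validity, 'Resend Code'), sketched as an added example. This is not epaPRO's own code. The class name, hashed storage, single-use behaviour and resend replacing the earlier code are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 10 * 60  # the ten-minute window described above


class OtpChallenge:
    """One pending email/SMS code for a single login (hypothetical class)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be exercised in tests
        self._digest = None      # SHA-256 of the current code, None if no code
        self._expires_at = 0.0

    def send_code(self):
        """Issue a fresh 6-digit code; calling it again models 'Resend Code'."""
        # CSPRNG with zero padding, so codes such as 004217 keep six digits.
        code = f"{secrets.randbelow(10**6):06d}"
        # Assumption: only a hash is kept, and a resend replaces the old code.
        self._digest = hashlib.sha256(code.encode()).digest()
        self._expires_at = self._clock() + CODE_TTL_SECONDS
        return code  # the value that would fill {{mfa_code}} in the template

    def verify(self, submitted):
        """Return 'ok', 'expired' or 'invalid' for a submitted code."""
        if self._digest is None:
            return "invalid"
        if self._clock() > self._expires_at:
            self._digest = None  # the user has to request a new code
            return "expired"
        candidate = hashlib.sha256(submitted.strip().encode()).digest()
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(candidate, self._digest):
            self._digest = None  # assumption: a code is single-use
            return "ok"
        return "invalid"
```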
Communications Templates
Under the User tab, you will see new templates for:
MFA Authentication Code
MFA Disabled
MFA Enabled
For both the email and SMS messages that are sent to the user, please take care not to remove the {{mfa_code}} variable from either template, as this is required.
New Setting
We have also added a new setting to the MFA tab of the Configuration screen to allow SMS MFA to be turned on/off globally for all users of the system.
This is set to off by default.
Please Note - your system will need to have SMS enabled overall.
For this you will need to contact Support to request that this is set up, to be able to use SMS MFA.
This setting in the Configuration area just controls whether users can use SMS as an option in MFA.
Impacted Areas
The areas impacted are the MFA screen (after login), Configuration screen, Communication Templates and the User Profile Screen.
Permissions
A new permission 'Manage MFA' has been added under the 'System Management - Configuration' section. This permission has been granted to the Owner user to allow them to turn SMS MFA on/off.
MFA will be available to all epaPRO users and can be configured for each user via the new Multi-factor Authentication tab of the User Profile screen.
Under this new tab there is a “How do I use this” section that explains the basics of what it does.
In App
Clicking on the ellipsis under Actions and selecting Configure will open the following screen. This has an expandable “How do I” section, explaining how to connect to the app you are using for your authentication.
By SMS added in 5.08.0
When you enable it via SMS you will see the following screen:
By Email added in 5.08.0
When you enable it via email you will see the following screen:
When setting up App based MFA authentication there are a variety of MFA applications that can be used - some examples can be located below:
Step by Step
MFA authentication can also be deactivated, via the Multi-factor Authentication tab of the User Profile screen. (Images to follow)
Once MFA authentication has been configured against your user account, you will be prompted to authenticate yourself the next time you log in to epaPRO.
If you select the option to remember your MFA login for 14 days, you will be "Remembered" and not have to MFA authenticate again within that timeframe, as long as you are always logging in from the same device/computer.
We also advise that this functionality is not used on shared devices, or with Shared Accounts.