Skip to content
English - United States
Contact Us
  • There are no suggestions because the search field is empty.

Enabling Multi-Factor Authentication 

This User Guide provides an overview of Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), including:   What it is,    When it applies,    Who controls it,     Where it is configured, and   How it functions in Smartwebs

What is MFA?

Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), adds an extra layer of security to protect users and software from unauthorized access. It requires users to verify their identity through two or more methods during login, significantly reducing the risk of compromised credentials.

Where is it Configured?

A new Security tab has been added within the Company settings. As part of this update, Banking configuration has been moved to its own dedicated tab for easier access and organization.
1 R4

When Does it Apply?

Smartwebs offers three MFA options for management users to choose from:

  • Text Message

  • Email

  • Authenticator App (e.g., Duo, Google Authenticator)

This is an optional setting that must be enabled by a Global Admin. MFA is disabled by default until the Global Admin configures and activates it.

Admins can choose to keep MFA disabled, required, or optional for all of their Management users.

 

Who Controls It?

The Global Admin role within each Smartwebs client account has full control over enabling MFA and determining whether different MFA requirements should be applied.

 

How Does it Work? 

The Global Admin logs into Smartwebs and configures MFA settings at the Management level. The three configuration options available are:

  • Required
  • Optional
  • Disabled (default)

User when Disabled: 
3 R4

Required at the Management level: 
15 R4

User When Required: 
4 R4

Optional at the Management level:
13 R4

If Required or Optional at Management level, User may select their preferences at the User level:
7 R4
6 R4

Once a User has MFA Enabled, to make changes to their email or phone in use by MFA, open the User Drawer:
17 R4

Click the MFA Enabled button, which points to Sign-In & Security. This is also where Global Admin may update Users settings to prompt MFA enrollment.

To force MFA enrollment, Admin may Reset MFA for a User, which will also reset their password:
16 R4

User will receive a Password Reset email, which will prompt MFA enrollment:
14 R4
18 R4

If a Reset is not performed and MFA is Enabled, the User will be prompted with the same at their next Login:
21 R4

After selecting Next, the User will have to select from three options, to enroll via Email, Text, or App. For this test, I've selected App:
22 R4

Selecting the Email option will email the verification code: 
9 R4

Selecting the Text option will text the verification code: 
10 R4

Once the method has been selected and authenticated, the user will be prompted to enter their password: 
25 r4
confirmed r4

Allowing the User to click Next to be routed to the home page: 
26 r4

Once MFA has been configured, logins will prompt for the authentication code sent to the user's selected method (text, email, app) as follows: 
27 r4