Enabling Multi-Factor Authentication (MFA) or Two-Factor Authentication

Sara Anthony
Sara Anthony
  • Updated

You can enable multi-factor authentication (MFA) or two-factor authentication (2FA) for your Bynder users. This provides an extra security layer to the login process of portals that do not use single sign-on (SSO). 

Users with MFA enabled need to enter an additional security code in addition to their regular email and password. This security code is generated by an authenticator app on another device, usually a smartphone.

All MFA apps that support TOTP (Time-based One-Time Passwords) can be used.

The MFA will work only with the email and password login. Users who log in with SSO won't be prompted to enter the MFA code. 

Once MFA is enabled in your portal, your users can begin to log in; see here for instructions on how to log in via MFA.

SSO-only users assigned to a profile with MFA enabled will still need to authenticate using MFA on the first login.

How to Enable MFA

If your portal is not set up with single sign-on (SSO), we strongly advise rolling out multi-factor authentication portal-wide to secure your users' accounts as much as possible.

Contact your Customer Success Contact, who can help you set up multi-factor authentication for your portal. Once enabled, users can set up their MFA under their account settings.

  • (Optional) Enable 2FA for all or specific user profiles so that users with these profiles are required to set up and use MFA. Read more about it here

How to Enable MFA for All or Specific User Profiles

Note

Certain portals are configured to have an additional permission called Manage own user profile. If this is the case in your portal, this permission will also need to be enabled for MFA profiles. Otherwise, the user will not be able to configure their MFA.

  1. Navigate to Settings > Users & rights > Permission Management.
  2. Select the user profile for which you want to enable 2FA.
  3. Select the permission Required for MFA login in the Users and Permissions section.
  4. Select Save.
  5. All users in that profile will have to set up 2FA the next time they try to log in.
  6. The user's profile will go from the left image to the right, confirming the MFA has been enabled. 

 

How to Reset MFA for a User

Only users with a permission profile with the required MFA on login permission enabled will need to reconfigure their MFA upon their first login after the MFA reset. Users with a profile for which this permission is not enabled will not be required to re-enroll for MFA. They can re-enroll manually by going to their account page.

  1. Navigate to Settings > Users & rights > User Management.
  2. Search for the user who needs a MFA reset and click the account.
  3. Click the Reset button in the Multi-Factor Authentication section. The user can now log in again without using MFA.
  4. Click Save.

How to Disable MFA For the Complete Portal

Multi-factor authentication can be disabled for the entire portal. This will impact all users who set up MFA before, as they can no longer use it.

Contact your Customer Success Contact who can assist in switching off MFA completely from your portal.

How to Disable MFA For Specific Permission Profile

  1. Navigate to Settings > Users & rights > Permission Management.
  2. Select the user profile for which you want to disable 2FA.
  3. In the Users and permissions section, deselect the permission Require MFA on login.
  4. Click Save.

How to Disable MFA For a Specific User

To disable MFA for a specific user, MFA must be temporarily disabled for that user's profile. 

  1. Navigate to Settings > Users & rights > User Management.
  2. Search for the user whose MFA needs to be reset.
  3. Click on the account and check the user profile.
  4. Go to Settings > Users & rights > Permission Management to verify your permissions.
  5. Select the user profile for which MFA temporarily needs to be disabled.
  6. In the Users and Permissions section, deselect the permission required for MFA when logging in.
  7. Click Save.
  8. Go back to Settings > Users & rights > User Management and reopen the user's account.
  9. Click the Reset button in the Multi-Factor Authentication section. The status of the MFA will now turn to disabled.
  10. Go back to Settings > Users & rights > Permission Management.
  11. Select the user profile for which MFA was switched off.
  12. Select the permission Required for MFA login in the Users and Permissions section.
  13. Click the Save.
Share