Enabling Multi-Factor Authentication (MFA) or Two-Factor Authentication

You can enable multi-factor authentication (MFA) or two-factor authentication (2FA) for your Bynder users. This provides an additional security layer for portal login processes that do not use single sign-on (SSO). 

Users with MFA enabled need to enter an additional security code in addition to their regular email and password. This security code is generated by an authenticator app on another device, usually a smartphone.

All MFA apps that support TOTP (Time-based One-Time Passwords) can be used.

The MFA will only work with email and password login. Users who log in with SSO won't be prompted to enter the MFA code. 

Once MFA is enabled in your portal, your users can begin logging in; see here for instructions on logging in with MFA.

SSO-only users assigned to a profile with MFA enabled will still need to authenticate using MFA on the first login.

How to Enable MFA

This feature/solution requires Customer Support to enable, but then individual permissions can be done by the Bynder Admin.

Don't yet have Bynder? Start Here!

If your portal does not utilize Single Sign-On (SSO), we strongly recommend implementing Multi-Factor Authentication (MFA) to enhance account security.

Bynder only enables the MFA feature for you. Bynder provides the infrastructure to support MFA but does not manage individual user credentials. Because MFA relies on third-party mobile applications, it cannot be configured globally by Bynder; each user must complete their own setup.

  • (Optional) Enable 2FA for all or specific user profiles, requiring users with these profiles to set up and use MFA. 

How to Enable MFA for All or Specific User Profiles

Note

Certain portals are configured with an additional permission called "Manage own user profile." If this is the case in your portal, this permission must also be enabled for MFA profiles. Otherwise, the user will not be able to configure their MFA.

  1. Navigate to Settings > Users & rights > Permission Management.
  2. Select the user profile for which you want to enable 2FA.
  3. Select the permission Required for MFA login in the Users and Permissions section.
  4. Select Save.
  5. All users in that profile will have to set up 2FA the next time they try to log in.
  6. The user's profile will go from the left image to the right, confirming the MFA has been enabled. 

 

How to Reset MFA for a User

Only users with a permission profile that has the required MFA-on-login permission enabled will need to reconfigure their MFA on their first login after the MFA reset. Users with a profile for which this permission is not enabled will not be required to re-enroll for MFA. They can re-enroll manually by going to their account page.

  1. Navigate to Settings > Users & rights > User Management.
  2. Search for the user who needs an MFA reset and click the account.
  3. Click the Reset button in the Multi-Factor Authentication section. The user can now log in again without using MFA.
  4. Click Save.

How to Disable MFA For the Complete Portal

Multi-factor authentication can be disabled for the entire portal. This will affect all users who have previously set up MFA, as they can no longer use it.

This feature/solution requires Customer Support to enable, but then individual permissions can be done by the Bynder Admin.

Don't yet have Bynder? Start Here!

How to Disable MFA For Specific Permission Profile

  1. Navigate to Settings > Users & rights > Permission Management.
  2. Select the user profile for which you want to disable 2FA.
  3. In the Users and permissions section, deselect the "Require MFA on login" permission.
  4. Click Save.

How to Disable MFA For a Specific User

To disable MFA for a specific user, the user's profile must be temporarily disabled. 

  1. Navigate to Settings > Users & rights > User Management.
  2. Search for the user whose MFA needs to be reset.
  3. Click on the account and check the user profile.
  4. Go to Settings > Users & rights > Permission Management to verify your permissions.
  5. Select the user profile for which MFA temporarily needs to be disabled.
  6. In the Users and Permissions section, deselect the MFA permission when logging in.
  7. Click Save.
  8. Go back to Settings > Users & rights > User Management and reopen the user's account.
  9. Click the Reset button in the Multi-Factor Authentication section. The MFA status will now be disabled.
  10. Go back to Settings > Users & rights > Permission Management.
  11. Select the user profile for which MFA was switched off.
  12. Select the permission Required for MFA login in the Users and Permissions section.
  13. Click the Save.

Updated