Setting Up Multifactor Authentication for the Organization
Multifactor Authentication is enabled at the organization level. New organizations added to IAM will have MFA enabled automatically.
A new section called MFA Configuration has been added to the Organization Detail page with the following options:
- Multi Factor Authentication – enables multifactor authentication when selected and enables all MFA options on the page for selection
- Access IAM when MFA provider is unavailable – when selected, allows users to access IAM when the Authy service is unavailable to verify users
- Allow VOIP Phone Numbers – when selected, allows voice over IP telephone numbers to be used for multifactor authentication
- Days to Remember Users – A value from 0 to 30 is allowed. A value from 1 to 30 allows the user to log in to IAM without verifying their identity if they have done so within the configured number of days. 0 disables this option, requiring users to verify their identity every time they log in. The default value is 1.
- IAM Roles – when selected, enables MFA for the Client Admin role, the Client User role, or both; the two options cannot both be blank, so at least one role must be selected
- In the MFA Configuration panel, select the Multi Factor Authentication option to enable MFA. All other options are selected automatically.
- Make any desired changes to the configuration and click Save.
When MFA is enabled at the organization level, users with any of the included roles are required to complete the MFA setup process.
The setup process appears the next time the user signs into IAM. The user is prompted to select the identity verification method they would like to use. The option selected determines the contact information that needs to be collected in the next step.
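How the MFA Configuration options combine at sign-in, as an added example that is not IAM's own code: it models the panel's constraints and shows that "Access IAM when MFA provider is unavailable" makes an outage fail open. The class, field and function names are hypothetical; the strict "less than N days" window and the "deny" result when the option is cleared are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

ROLES = frozenset({"Client Admin", "Client User"})  # the two IAM Roles options


@dataclass(frozen=True)
class MfaConfig:
    """Hypothetical model of the MFA Configuration panel (field names are assumptions)."""
    enabled: bool = True
    allow_when_provider_down: bool = True  # "Access IAM when MFA provider is unavailable"
    days_to_remember: int = 1              # documented default
    roles: frozenset = ROLES

    def __post_init__(self):
        if not 0 <= self.days_to_remember <= 30:
            raise ValueError("Days to Remember Users must be 0 to 30")
        if self.enabled and not (self.roles and self.roles <= ROLES):
            raise ValueError("select Client Admin, Client User, or both")


def login_decision(cfg, role, last_verified, now, provider_up):
    """Return 'allow', 'challenge' or 'deny' once the user's password check has passed."""
    if not cfg.enabled or role not in cfg.roles:
        return "allow"      # MFA is not required for this role
    window = timedelta(days=cfg.days_to_remember)
    # Assumption: "within N days" means less than N * 24 hours since the last verification.
    if cfg.days_to_remember and last_verified and now - last_verified < window:
        return "allow"      # remembered user, no second factor requested
    if provider_up:
        return "challenge"  # verify identity through the MFA provider
    # Provider outage: the checkbox chooses fail-open ('allow') or fail-closed ('deny').
    return "allow" if cfg.allow_when_provider_down else "deny"


if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0)  # constructed sample time
    strict = MfaConfig(allow_when_provider_down=False, days_to_remember=0)
    for name, cfg in (("all options selected", MfaConfig()), ("strict", strict)):
        print(name, "-> outage:", login_decision(cfg, "Client Admin", None, now, False))
```

With every option selected, a provider outage lets a user in on the password alone; with the outage option cleared and Days to Remember Users set to 0, every sign-in by an included role needs a verified second factor.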