Specifying multi-factor authentication settings

You can configure multi-factor authentication to enable users to perform an additional step to sign in to their accounts apart from password entry.. The additional step involves the entry of an OTP received over the registered email of users.

Procedure

  1. Expand the menu options, select Administration, and click Security.
  2. In the Multi-factor authentication tab, enable Use multi-factor authentication to specify whether multi-factor authentication is required.
  3. Provide the following values:
    Field Description
    Clock skew intervals Value based on which the validity of an OTP is calculated. An OTP is valid for the previous and current interval based on the specified value. For example, if you provide 1 in this field, the generated OTP is valid for the 30 seconds before receipt of the OTP and 30 seconds from the receipt of the OTP.
    Excluded users List of user login names, separate by commas, for whom the multi-factor authentication is not required. For example, administrator.
  4. Click Save.
    Your changes are saved.

What to do next

  • An OTP is sent to the user who tries to sign in through their registered email address and they can provide the OTP to sign in to the application. This step helps ensure that only the authenticated users have access to the application.
  • Administrators can send an OTP secret token to users by clicking the generate OTP secret token icon from the Manage users page.

    If multi-factor authentication is enabled, the secret token is sent to the email of users who sign up to the application. If there are existing users who onboarded when the multi-factor authentication was not enabled, you can send them the OTP secret token generator by clicking the generate OTP secret token icon.