Problem

I would like to enable MFA and understand how it works.

Solution

Currently (mid 2025) the GoCompliant second factor used to augment password-based authentication is a so-called time-based one-time password (TOTP).

Specifically, on login the user first enters their password and is then asked for a 6-digit number that changes every 30 seconds and is valid for 60 seconds.

This 6-digit number is derived from a user secret, stored both in our system and in the user's authenticator app (we recommend Microsoft Authenticator for this purpose), combined with the current time. When the user enters the 6-digit number, our system checks whether it was generated with the same secret as the one stored for the user on our side, provided that 60 seconds have not yet passed since its generation.

To use TOTP authentication, the user secret must first be generated and stored both in our system and in the user's authenticator app. This secret is shown to the user as a QR code on their first login after MFA has been enabled (via the MFA_ENABLED system parameter). The QR code must be scanned with the authenticator app, which from then on generates the 6-digit number from the stored secret.
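As an added illustration (this is not GoCompliant code and is not taken from the page), the following Python reproduces the TOTP mechanism described above: a shared secret, the 30-second step, the 6-digit code, the otpauth URI that the enrolment QR code carries, and the server-side check with a tolerance window. The issuer and account names are placeholders, and accepting one previous step is an assumption standing in for the page's "valid for 60 seconds".

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
import urllib.parse

STEP_SECONDS = 30  # the page states the code changes every 30 seconds
DIGITS = 6         # the page states a 6-digit code


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of time steps since the epoch."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = STEP_SECONDS, digits: int = DIGITS, back_steps: int = 1) -> bool:
    """Server-side check: accept the current step and up to `back_steps` earlier ones.
    back_steps=1 is an assumption; it keeps a code acceptable for roughly the 60 seconds
    the page mentions (the exact GoCompliant tolerance is not documented there)."""
    if len(submitted) != digits or not submitted.isdigit():
        return False
    for i in range(back_steps + 1):
        expected = totp(secret, unix_time - i * step, step, digits)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


def new_secret() -> bytes:
    """Enrolment: generate a fresh 160-bit user secret (RFC 4226 recommends at least 128 bits)."""
    return secrets.token_bytes(20)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """The otpauth:// URI encoded in the enrolment QR code; the authenticator app stores the
    Base32 secret it carries. Issuer and account values are placeholders."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = f"{urllib.parse.quote(issuer)}:{urllib.parse.quote(account)}"
    return (f"otpauth://totp/{label}?secret={b32}&issuer={urllib.parse.quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP_SECONDS}")


if __name__ == "__main__":
    # Constructed demo: the RFC 6238 reference secret, not a real user secret.
    demo_secret = b"12345678901234567890"
    print(provisioning_uri(demo_secret, "alice@example.com", "GoCompliant"))
    now = int(time.time())
    code = totp(demo_secret, now)
    print("current code:", code,
          "accepted now:", verify_totp(demo_secret, code, now),
          "accepted 90 s later:", verify_totp(demo_secret, code, now + 90))
```

The demo secret is the reference secret from RFC 6238, so the codes the block produces can be checked against the test vectors in that RFC; for a real user, `new_secret()` would be called once at enrolment and the result shown only as the QR code.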

The user secret can be reset by IT Support on the "Admin / Authorizations / User Rights" page in case the secret is lost or may have leaked, e.g. when the device is lost.

Moreover, MFA can be enabled on a per-user basis (this is only recommended for low-risk accounts with limited permissions).

  • IT Support needs to set the MFA_ENABLED system parameter to true.
  • The user has to
    • install Microsoft Authenticator (or an alternative) on their phone
    • scan the QR code with the authenticator app on first login
    • enter the 6 digits from the authenticator app on login, after entering the password
