Using MFA means that, in addition to your usual login combination (e.g. an email address and a password), you need to enter a specific one-time-code that you receive on your smartphone. Some web applications send such a code using an SMS message, other web applications use an ‘Authenticator’ app that you install on your smartphone. This app generates a new code every minute, which is always valid for 1 minute only.
The MFA can be activated by an Owner in the Security settings page.
-
Click on Settings in the menu on the left.
-
Click on Security settings in the menu.
-
Activate the MFA by clicking on the button next to Enable MFA.
-
Click on Save.
After MFA has been activated, the first time a user logs into the platform they will see a mobile authenticator setup page with a QR code and an explanation of how to set up the MFA.
-
Scan the QR code. You will receive a 6-digit code.
-
Enter the code into the one-time-code field on the page.
You can provide a device name to help you manage your One-Time-Password (OTP) devices.
All subsequent times a users logs in, they will see the one-time code entry field.
-
Open the authenticator app.
-
Copy the 6-digit code.
-
Enter the code into the one-time-code field on the page.
It is possible that you are able to enter a code, but you receive a message that it is invalid. Each code is only valid for 1 minute. If the time difference between your smartphone and the device you are trying to log in to (e.g. your laptop) is too big, the code will no longer be valid when you enter it. Check the time of your smartphone and your laptop and adjust them if necessary so that they match up better.
It Is important that you make sure to keep the Authenticator app on your smartphone. Should you delete the app, or your account in the app, you will need to contact Assessio Support. Support can reset your MFA so that you can set up your MFA connection again, meaning that you once again need to scan a QR code and follow the necessary steps.