Multi-factor Authentication (MFA) - Genius CE & Enterprise

Introduction

A significant number of users of Genius CE and Enterprise prioritize the security of their online accounts by implementing Multi-factor Authentication (MFA). The Genius CE and Enterprise platforms enable administrators and authorized users to set up a Two-Factor Authentication process. This feature serves as an essential security measure, designed to enhance the protection of your database by adding a layer of security. In this article, we will outline the steps necessary to configure this valuable feature to meet the specific needs of your organization.

Enabling Multi-factor Authentication (MFA)

To activate this feature for users, an Administrator or any role that has been granted access to the "Two Factor Authentication" section within the Admin menu will find this option located in the subsection labeled Users and Access. This is where the process begins for enabling MFA.

Upon accessing this section, the user will encounter a screen that features a drop-down menu. This menu will provide a comprehensive list of roles that the user can view or modify. Since the ability to enable this feature is role-specific, it may be necessary for the user to repeat this configuration process for each role that requires Multi-factor Authentication.

When setting up Multi-factor Authentication for a specific role, two crucial selections must be made.

The first selection pertains to the Multi Factor Type. The available options in the Multi Factor Type field include:

• QR Code: Selecting this option will require users to utilize an application on a secondary device to obtain a six-digit code, which is essential for validating their login to the Genius CE or Enterprise instance.
• Email: This option requires users to retrieve a code sent to their registered email inbox to authenticate their login to the Genius CE or Enterprise instance.

The second selection is the Multi-Factor Requirement, which is only applicable if the “QR Code” option is chosen as the Multi-Factor Type. The options available in the Multi Factor Authentication field include:

• Required: This setting mandates that all users assigned to this role must have the Multi-factor Authentication feature enabled.
• Optional (turned on/off by individual users): This allows users the flexibility to decide whether they want to enable or disable this feature for their accounts.
• Not available: Selecting this option prevents users from activating the Multi-factor Authentication feature altogether.

MFA User Experience through the QR Code Option

In cases where MFA is required, users affected by this setting will encounter a specific screen during the login process. This screen serves as a prompt for them to complete the authentication process:

For users in other roles (such as Admins, Affiliation Managers, Instructors, etc.) who have the option to turn MFA on or off, this capability will be available in the drop-down menu located at the top right corner of their screen once they are logged in. The subsequent steps for these roles will mirror those taken by a Learner.

It is essential to note that any role with the necessary permissions can modify this feature at any time through the Two Factor Authentication tab, and any changes made will take effect immediately for the affected users.

MFA User Experience through the E-mail option

When the E-mail option is selected for a specific user group’s Multi-factor Authentication, the following prompt will appear each time the user attempts to log in:

Users are required to check their email inbox associated with their account to retrieve the necessary code. Once they have obtained the code, they can proceed by clicking the verify button, allowing them to continue with the login process to access the Genius CE or Enterprise instance.