What is MFA
Multi-Factor Authentication (MFA) is a security method that enhances user identity verification beyond the traditional username and password combination.
Why is it important
MFA significantly reduces the risk of successful cyber attacks. Unlike just relying on a username and password, MFA adds an extra layer of security.
Usernames and passwords can be vulnerable to attacks or theft by third parties.
Why is Procurify implementing MFA
Our Multi-factor Authentication (MFA) feature enhances account security by requiring users to provide multiple forms of verification before accessing their accounts. This feature, integrated with Auth0, adds a critical layer of security beyond traditional password authentication.
Key Components:
Authentication Methods: Users authenticate using both their usual login credentials and a one-time password (OTP) generated by an authentication app such as Google Authenticator, Microsoft Authenticator, or Auth0 Guardian.
Implementation Scope:
Web Application: The MFA feature is currently available through our web application, ensuring enhanced security for web-based logins.
Domain-wide Setting: The setting is across the entire domain, ensuring uniform security protocols for all users within your domain without individual exceptions.
How to enable Multi-Factor Authentication (MFA) on your Domain
Steps:
You must have access to the ‘Manage Access’ section in Procurify to complete the setup.
Navigate to Settings -> Security and Authentication: MFA
Click on ‘Enforce MFA’
Please note that all users must enroll in the MFA authentication workflow. This is a domain-wide setting and can not be customized for individual users.
Downloading an Authenticator app will be required for all users accessing the domain once MFA is enabled.
We recommend the following Authenticator apps:
Authy (Google Play / App Store).
Google Authenticator (Google Play / App Store).
Auth0 Guardian (Google Play / App Store).
Microsoft Authenticator (Google Play / App Store)
How to reset MFA for a User
Resetting MFA enrolment for a specific user if they are unable to access their one-time-passkey or their recovery code.
Steps:
You must have access to ‘Manage Users’ in Procurify and know the user details of the user you want to reset MFA for.
Navigate to Settings -> Manage Users
Navigate to the user you want to reset MFA for
On the ‘User Details’ page, click on ‘Reset multi-factor-authentication’ and confirm the reset
How to Disable MFA
Steps:
Navigate to settings.
Select Security and Authentication: MFA.
Click on Deactivate MFA.