Multifactor Authentication provides an additional layer of security for user accounts. After a user enters their username and password, a prompt appears requesting a security code. The timed security code is generated by a Multifactor Authentication application installed on the user's mobile device. Anyone attempting to access the system using a username and password that has been compromised would also need access to the actual user's mobile device or email to gain entry to the system.  


Configuration 


To configure Multifactor Authentication, select the Multifactor Authentication Configuration option in the security section of the main menu.


The following form will appear.


 

Note: To use multifactor authentication, you must install a Multifactor authentication application on your mobile device. The applications are provided free of charge by various companies (Microsoft Authenticator, Google Authenticator,  Authy, and others). 


After installing your preferred authenticator application on your mobile device, select the Test Multifactor button in the upper right of the Multifactor Authentication form. 


A form like the following will appear. 

Using your desired mobile authenticator application, either scan the provided QR code with your mobile device or enter the provided key in the authenticator application.


Your mobile authenticator application will provide you with a code that will be available for a limited amount of time. The time limit shown in the authenticator application is how long the user will have to enter the code before the code changes, not how long the user will have to work within Aeries. 

 

Upon successfully entering the code, you will be returned to the Multifactor Authentication form and the Test Multifactor button will now display a green circled check mark.  



Multifactor Authentication can be turned on/off by selecting the Enable Multifactor Authentication option, and by selecting which type of login must use multifactor authentication. The message users see when authenticating can also be customized using the Custom Setup Text and the Custom Verification Text.   



 

 Additional Security


The Additional Security section of the Multifactor Authentication Configuration page can also be set to require an authentication code whenever certain sections of Aeries Web need to be accessed. The settings in this area can be further secured by identifying the instance of Aeries Web as being either Internal or External



Usage


Once Multifactor Authentication has been setup, configured users will see the following prompt upon their initial login after entering their password. 

Using their preferred authenticator application installed on the user's mobile device, the user will need to scan the provided QR code. The authenticator application will then provide timed codes which the user will need to enter in Aeries Web when prompted to gain access to the system. 


Configured users will see the following prompt after their initial login and after having entered their password.

 


Resetting Multifactor Authentication for a user

 

When Multifactor Authentication is enabled, the Multifactor option will appear in Security -> User.

 


The request to initialize Multifactor Authentication can be reset for an individual user by editing that User's (UGN) settings.