
Multifactor Authentication

This feature is available starting with Identity Director 2021.2.

In the Management Portal, at Setup > Multifactor Authentication, you can enable multifactor authentication in your environment.

Once you activate this option, all users are redirected to the enrollment screen the next time they attempt to log in to their account, either in the Management Portal or the Web Portal. On the enrollment screen, users can either scan the QR code with the authenticator application on their mobile phone, or manually enter the code into the application. This only needs to be done once. From that point on, the authenticator generates codes that must be used during each login attempt.

Once you enable multifactor authentication in your environment, all users have to enroll in order to log in. To unenroll a user, click the Unenroll button at the bottom of the Multifactor Authentication page and select the user from the list of people. Once you confirm and complete this action, the user will have to restart the enrollment process.

If you click on the Reset button, all the enrollments will be removed for all users.

In order for multifactor authentication to work correctly in your environment, you need to make sure the following conditions are met:

  • In IIS, the Load User Profile option is set to True for the application pools that host the following web applications: Management Portal, Web Portal, and Mobile Gateway.

  • For the Management Portal, Web Portal, and Mobile Gateway, you have configured the same encryption key.

  • In your environment, Identity Broker Authentication is disabled. Multifactor authentication does not work on the components for which Identity Broker is active.
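
One way to check the first condition above on the IIS server, as an added example that is not part of the Identity Director documentation. The application pool names are placeholders (assumptions); replace them with the pools that host the Management Portal, Web Portal, and Mobile Gateway in your environment.

```powershell
# Added example: audit the IIS "Load User Profile" prerequisite for multifactor authentication.
# Run in an elevated session on the IIS server; requires the WebAdministration module.
Import-Module WebAdministration

# ASSUMPTION: placeholder names, not taken from the product documentation.
$PoolNames = @(
    'PLACEHOLDER-ManagementPortalPool',
    'PLACEHOLDER-WebPortalPool',
    'PLACEHOLDER-MobileGatewayPool'
)

function Get-LoadUserProfileStatus {
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($pool in $Name) {
        $path = "IIS:\AppPools\$pool"
        if (-not (Test-Path -Path $path)) {
            # Report a missing pool instead of silently skipping it.
            [pscustomobject]@{
                AppPool = $pool; LoadUserProfile = $null; Compliant = $false; Hosts = 'pool not found'
            }
            continue
        }

        $enabled = [bool](Get-Item -Path $path).processModel.loadUserProfile

        # List the sites and applications bound to this pool so the
        # pool-to-web-application mapping can be verified by eye.
        $hosted = @(Get-Website | Where-Object { $_.applicationPool -eq $pool } |
                        ForEach-Object { $_.name }) +
                  @(Get-WebApplication | Where-Object { $_.applicationPool -eq $pool } |
                        ForEach-Object { $_.path })

        [pscustomobject]@{
            AppPool = $pool; LoadUserProfile = $enabled; Compliant = $enabled
            Hosts   = ($hosted -join ', ')
        }
    }
}

Get-LoadUserProfileStatus -Name $PoolNames | Format-Table -AutoSize

# To correct a non-compliant pool (this changes IIS configuration):
# Set-ItemProperty -Path 'IIS:\AppPools\PLACEHOLDER-WebPortalPool' `
#     -Name processModel.loadUserProfile -Value $true
```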
