Managing Multi-Factor Authentication

This article explains the multi-factor authentication or MFA setup process and how to manage this within the Kobas Cloud.

Last updated 14 Oct 2022

Help! If you no longer have access through MFA, please read here.


What is Multi-Factor Authentication?

Multi-Factor Authentication is often referred to as MFA or 2FA (two-factor authentication). It provides additional security for your cloud account by requiring a second security check alongside your password. This means that to log in with MFA you will need:

  1. Something you know (your password) and
  2. Something you have (your phone)

The authentication app on your phone will provide you with a code to be entered when logging in. 

You will first need to set up MFA, and then use the app on your phone when logging into Kobas Cloud. Your password won't need to change.


Why use this function?

Within your account, those with higher levels of access can view data that is deemed legally sensitive and personal, as well as commercially sensitive. By adding this feature we are following technology industry standards for ensuring the security of your data. This contributes significantly to your due diligence under GDPR legislation.

We strongly recommend that MFA is required for the highest-level operators in your business, but it can be set as required for any user level in Cloud. When MFA is required for a user group, its members will have a five-day grace period to set it up before being locked out of their account. This period will count down on the login page, to act as a reminder.


Consideration for Administrators: MFA Requirement

We strongly recommend that users in the Administration level make MFA required for their User Permission Level. Administration-level users will then be required to set up MFA within a grace period of five days from when MFA was made required. The login page will remind the user of the time left until lockout. This requirement can be changed in Administration > Staff User Permission Levels.

A further reason for this is that Administrators can make significant changes to data on your account and these functions should be as secure as we can make them.

Please be aware that only Administrators can change whether a User Group is required to activate MFA; this cannot be delegated to lower user levels.

Note: Users will still be able to activate MFA on an individual basis, even if their User Group doesn't require them to do so.


For everyone: Setting up MFA

If MFA is required for your account or you would like to set it up anyway, you will need to be on your Home / Welcome Page and choose Set Up MFA:

Step 1

You will need to have a second device on which you can download either the Google Authenticator or the Authy app. Both apps are available for free on Android and iOS and can be downloaded from the links below:

Step 2

Open the authenticator app on your phone and scan the QR code on the screen. If you are unable to scan the QR code, you can manually enter the details shown on Kobas Cloud into the authenticator app.

That completes the initial setup!

Step 3

Each time you then log into Cloud, you will need to open the authenticator app on your phone. After entering your Company ID, username and password, you will also need to enter a code that is generated by the app.

Warning: Where a code is entered incorrectly multiple times, the user will be locked out of Cloud for 20 minutes before they can try again.


Managing MFA for yourself

If you have set up MFA, you can go to Home Page > Manage MFA to remove the requirement to use MFA when logging into your account. Your password will be required to do this. If you are within a user group that requires MFA, you will have a further five-day grace period before you will be required to set up and use MFA.


Managing MFA for other users

This is available to users in the Administration user group.

To make this change, go to the staff user's profile in Staff > Current Staff > Full Details, where the button Add/Remove MFA (depending on the current MFA status for that user) will appear at the top of the profile.

Warning: Please be aware that Kobas Staff are unable to change or reset login details (password or MFA) for users, or to change Staff User Level Permissions. If you are unable to log in, or have issues with your permission level, please speak with your Manager, Kobas Champion or your Account Administrators.


Help! I no longer have access to my phone!

This happens to the best of us. In this scenario there are two routes to regain access to your Kobas account.

1. Using your authenticator app recovery process

MFA is designed to add a robust layer of security to accessing your account. Therefore, if you lose access to your MFA token, you will need to use the authenticator app's backup or recovery process to regain access.

All good authenticator apps will have these processes. Please click the links for the processes for Authy and Google Authenticator.

Top Tip: We recommend that when you first set up your MFA token, you complete all backup and recovery steps in case you need them in the future.

2. Through an account administrator

Contact an administrator in your company, who can remove the requirement of MFA in your account.

Top Tip: We strongly recommend that there are at least two Administrators on each client account. This will allow each Administrator to reset the other's MFA access should that be required in the future. Kobas can only remove or reset MFA access for Administrators in extreme circumstances, and this is a chargeable service.