Public
More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Securing Community with Multi-Factor Authentication (MFA)

AshishKe
Moderator
‎01-11-2021 10:23 AM

Security is an important aspect of any community. To provide an additional layer of security for user accounts with privileged access rights within the community (usually Admins), Khoros has introduced Multi-Factor Authentication (MFA) support for communities. MFA increases user account security by requiring additional verification factors to prove a user’s identity when signing into the community application. Khoros provides MFA via the authenticator app mechanism.

Once MFA is enabled for a community, all privileged users (identified by the system on the basis of twenty six critical user permissions) will be prompted to set up MFA for their accounts. Users will provide their mobile number, and scan a QR code to add the Khoros community account in an authenticator app of their choice (Google authenticator/ Microsoft authenticator/ Authy, etc).

When these users login to the community, in addition to their username and password, they will have to go through another layer of authentication where they will be entering a Time-based One-Time Passcode (TOTP) from the authenticator app. Post verification, the user will be logged into the community.

 

First time setup:

AshishKe_0-1610349676114.png

 

Subsequent logins:

AshishKe_0-1610361446795.png

 

AshishKe_2-1610360323748.png

 

Communities can opt for MFA.  Open a Support ticket to enable MFA for your community. MFA support is currently available for non SSO communities. SSO Communities should configure MFA at their end with the SSO provider.

You can follow the links below to



Tags (2)
6 Comments
SantoshS
Khoros Alumni (Retired)
‎01-17-2021 09:47 PM

Great feature to enhance the security of the community product! Well done team and thank you for the wonderful write up @AshishKe .

I have a few questions:

1. Where can one learn more about privileged users?

2. Is MFA enabled for Atlas?

Regards.

0 Kudos
AshishKe
Moderator
‎01-19-2021 03:00 AM

Thank you @SantoshS !
Regarding your questions:

1. To know about the permissions that require MFA, you could go to Learn more about MFA.

2. MFA is not enabled for Atlas as MFA support is currently available for non SSO communities.

arthurkemp
Contributor
‎03-26-2021 03:45 AM

@AshishKe : Hi, my work mobile had a problem with the camera so I had to use my private mobile to use the authenticator. The problem is fixed, so I want the authenticator entry from my private mobile transferred to my work mobile. How can I do that? BR Arthur

0 Kudos
Drew_C
Executive
‎03-26-2021 08:23 AM

@arthurkemp 

I imagine it's like most other 2FA/MFA registration processes. If so, you'll need to disable MFA on your account and then re-enable it to be presented with the option to scan the QR code again on another device.

0 Kudos
arthurkemp
Contributor
‎03-26-2021 08:47 AM

@Drew_C : OK, seems simple 😉 Thanks so much! Nice weekend!

AshishKe
Moderator
‎03-26-2021 10:22 AM

@arthurkemp  As rightly pointed out by @Drew_C , you could reset the MFA settings for your account from My Settings page. Please see this for more details. Once you reset it, you will be signed out of the community and land on the login page. When you sign in to the community again, you will be prompted to follow the MFA registration process again.

0 Kudos
Authors
Version history
Last update:
‎01-11-2021 11:45 AM
Updated by:
Moderator Moderator