Security is an important aspect of any community. To provide an additional layer of security for user accounts with privileged access rights within the community (usually Admins), Khoros has introduced Multi-Factor Authentication (MFA) support for communities. MFA increases user account security by requiring additional verification factors to prove a user’s identity when signing into the community application. Khoros provides MFA via the authenticator app mechanism.
Once MFA is enabled for a community, all privileged users (identified by the system on the basis of twenty-six critical user permissions) will be prompted to set up MFA for their accounts. Users will provide their mobile number and scan a QR code to add the Khoros community account to an authenticator app of their choice (Google Authenticator, Microsoft Authenticator, Authy, etc.).
When these users log in to the community, in addition to entering their username and password, they go through another layer of authentication in which they enter a Time-based One-Time Passcode (TOTP) from the authenticator app. After verification, the user is logged in to the community.
First-time setup:
Communities can opt in to MFA. Open a Support ticket to enable MFA for your community. MFA support is currently available for non-SSO communities. SSO communities should configure MFA on their side with the SSO provider.
You can follow the links below to
Great feature to enhance the security of the community product! Well done team and thank you for the wonderful write-up @AshishKe.
I have a few questions:
1. Where can one learn more about privileged users?
2. Is MFA enabled for Atlas?
Thank you @SantoshS!
Regarding your questions:
1. To know about the permissions that require MFA, you could go to Learn more about MFA.
2. MFA is not enabled for Atlas as MFA support is currently available for non-SSO communities.
@AshishKe: Hi, my work mobile had a problem with the camera so I had to use my private mobile to use the authenticator. The problem is fixed, so I want the authenticator entry from my private mobile transferred to my work mobile. How can I do that? BR Arthur
I imagine it's like most other 2FA/MFA registration processes. If so, you'll need to disable MFA on your account and then re-enable it to be presented with the option to scan the QR code again on another device.
@arthurkemp As rightly pointed out by @Drew_C, you could reset the MFA settings for your account from the My Settings page. Please see this for more details. Once you reset it, you will be signed out of the community and land on the login page. When you sign in to the community again, you will be prompted to follow the MFA registration process again.