Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support
success

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Configure Multi-Factor Authentication


What is Multi-Factor Authentication(MFA) :
  • MFA adds another method of identity verification in order to secure your accounts. First thing you know – Your username and password. Something unique that you have – Your phone or fingerprint.
  • By combining your username and password with the second method your access becomes more secure and impossible for an attacker to pass it even if they have your password.

MFA methods that miniOrange IDP Supports:

OTP Over Email You receive an OTP on your registered email address which is used for 2nd Factor Authentication.

Note : You will have to configure your Email Gateway before using this method to send emails.

OTP Over SMS You receive an OTP on your registered phone no. which is used for 2nd Factor Authentication. Note : You will have to configure your SMS Gateway before using this method to send SMS to users
OTP Over Email & SMS You receive an OTP on both your registered email and phone no. which cis used for 2nd Factor Authentication.

    Notes :

  1. You will have to configure your Email Gateway before using this method to send emails.
  2. You will have to configure your SMS Gateway before using this method to send SMS to users
Email Link (Out of Band Email) You receive an email that contains two links for either allowing or denying the authentication. You can click on the
allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work.
SMS Email (Out of Band SMS) You receive an SMS that contains two links for either allowing or denying the authentication. You can click on the
allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work.
Security Questions (KBA) In this method, the users configure 3 questions along with their answers from their account. At the time of
authentication, they are prompted to provide answers for 2 of the 3 configured questions. Note : The user has to configure the questions along with their answers prior to using this MFA method.
Phone Verification In this method the user receives a call telling a 4-8 digit numeric key which is used for the 2nd Factor Authentication. Note:  You will have to configure your own Phone Gateway to use this method.
miniOrange Authenticator Methods:
  1. Push Notification
  2. Mobile Authentication
  3. Soft Token
  1. Push Notification : the user receives a push notifications on his mobile which he needs to ACCEPT | DENY.
  2. Mobile Authentication : The process of Mobile Authentication works such as, a user needs to scan the
    barcode
    from his mobile using the miniOrange Authenticator app to proceed.
  3. Soft Token : In this method, User needs to enter the 6-8 numeric key generated in the authenticator app using TOTP algorithm.
Notes :
  1. Prior configuration with the miniOrange Authenticator App is required to use this method.
  2. As all 3 methods are supported in the same app, configuring any of the 3 methods will allow the users to
    use all 3 methods.
  3. Your IDP deployment should be accessible over the internet for the configurations as well as the
    authentications to work.
Google Authenticator In this method, the users need to enter the 6 digit OTP shown in the Google Authenticator App. The OTP keeps
changing every 30 seconds. Note : The users will have to install the Google Authenticator App on their phones and configure it with their
miniOrange account prior to using it as a 2FA method.
Microsoft Authenticator In this method, the users need to enter the 6 digit OTP shown in the Microsoft Authenticator App. The OTP keeps
changing every 30 seconds. Note : The users will have to install the Microsoft Authenticator App on their phones and configure it with their miniOrange
account prior to using it as a 2FA method.
Authy Authenticator In this method, the users need to enter the 6 digit OTP shown in the Authy Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Authy Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
YubiKey Hardware Token "YubiKey hardware Token" is a 2fa verification method, in which a user needs to connect a USB into his computer
which generates a token in the form of an alphabetic key. This process works with the combination of OTP & hardware tokens. Note : The user has to configure the hardware token from the end user dashboard prior to using this MFA method.
Display Hardware Token "Display Hardware Token" is a 2fa verification method, in which a user needs to connect a USB into his computer
which generates a token in the form of a Numeric key. Note : You need to assign a hardware token to users before enabling this 2FA method.
FIDO2 (Biometric) In this method, the users need to use built-in authentication methods (Windows Hello, inbuilt figerprint, Biometrics (Face ID or fingerprint)), Hardware Security Token (eg. Yubikey FIDO2 Token) for 2FA verification.
Note :
  • You will have to set up SSL for your IDP deployment prior to using this MFA method.
  • The users would need to register their device from the end user dashboard prior to using this MFA method.
  • The users would be able to register multiple devices for authentication.

How to Enable MFA for the admin account:

  • Login to the admin dashboard.
  • Go to 2-Factor Authentication > Setup 2FA from the side menu.
  • This will open the 2FA Methods configuration page.
  • The Active Method shows the currently active method, the admin will be prompted for MFA with this method.
  • Enable the “Enable Two Factor (MFA) for your own account.” option to enable MFA for the admin logins.
  • miniOrange Identity Platform Admin Handbook: Configure 2FA

  • Click on save for the changes to take effect.
  • Now, the next time the admin initiated login to his account, he will be prompted for completing MFA with the active method.