Multi-factor authentication (MFA) is a security process that requires more than one method of verification to confirm the identity of someone trying to access a system. It’s like having a second lock on your door; even if someone has the key to the first lock, they still need the right combination for the second one to get in.
Here’s how it works:
Something you know: This could be a password or a personal identification number (PIN).
Something you have: This might be access to your email where you can receive a message with a code, or a security token.
Something you are: This involves biometrics, like your fingerprint or facial recognition.
By combining these factors, MFA provides a higher level of security than just a username and password. It’s like asking for a secret handshake after the password; it ensures that even if someone knows your password, they still can’t get in without the second verification step.
Multi-Factor Authentication in Gruntify
Multi-factor authentication is available in Gruntify for all email and password users. Once enabled, these users will need to enter a code they receive via email after they have supplied their password when logging in. For additional security, this code will expire 5 minutes after it was sent or after 5 incorrect attempts have been made. These measures make it near impossible for an attacker to guess or phish the code from a user as they might with a password. Without access to a user’s email account, bad actors will not be able to access Gruntify even if they have stolen the password of one of your users.
Enabling Multi-Factor Authentication
MFA is enabled at the Workspace level by an Owner (it is currently not possible to enable it for an individual user). If you are a Workspace Owner looking to enable MFA, simply open the Web app and head to Settings > Addons > Multi-Factor Authentication. In the addon sidebar, you will be able to see if there are any costs that will apply to your Workspace when enabling the addon.
The cost displayed (if applicable) only applies to each user that has MFA enabled. This will only include email and password users as MFA is not supported for Single Sign On users with third-party accounts.
There are no configurable options for the MFA addon, so all you need to do is click the ‘Activate’ button to enable it for your users. It may take up to 30 minutes for this change to propagate to all users in your Workspace.
What about Single Sign On (third-party) Accounts?
We don’t support MFA for SSO accounts at this time. If you wish to apply this additional layer of security to those users as well, we recommend that you check with your third-party identity provider. Most providers (including Microsoft Active Directory/Entra and Google Workspace) allow you to enable mandatory MFA for their platforms in their own administration portals.