Multi-Factor Authentication

Professional Business


Multi-factor authentication (MFA) is a security process that requires more than one method of verification to confirm the identity of someone trying to access a system. It’s like having a second lock on your door; even if someone has the key to the first lock, they still need the right combination for the second one to get in.

Here’s how it works:

  • Something you know: This could be a password or a personal identification number (PIN).

  • Something you have: This might be access to your email where you can receive a message with a code, or a security token.

  • Something you are: This involves biometrics, like your fingerprint or facial recognition.

By combining these factors, MFA provides a higher level of security than just a username and password. It’s like asking for a secret handshake after the password; it ensures that even if someone knows your password, they still can’t get in without the second verification step.

Multi-Factor Authentication in Gruntify

Multi-factor authentication is available in Gruntify for all email and password users. Once enabled, these users will need to enter a code they receive via email after they have supplied their password when logging in. For additional security, this code will expire 5 minutes after it was sent or after 5 incorrect attempts have been made. These measures make it near impossible for an attacker to guess or phish the code from a user as they might with a password. Without access to a user’s email account, bad actors will not be able to access Gruntify even if they have stolen the password of one of your users.

image-20240614-041232.png
Pictured above is the prompt that users will see when logging in.
image-20240614-041329.png
Once they see the MFA prompt, they will receive an email like this with their code.

 

Enabling Multi-Factor Authentication

MFA is enabled at the Workspace level by an Owner (it is currently not possible to enable it for an individual user). If you are a Workspace Owner looking to enable MFA, simply open the Web app and head to Settings > Addons > Multi-Factor Authentication. In the addon sidebar, you will be able to see if there are any costs that will apply to your Workspace when enabling the addon.

The cost displayed (if applicable) only applies to each user that has MFA enabled. This will only include email and password users as MFA is not supported for Single Sign On users with third-party accounts.

There are no configurable options for the MFA addon, so all you need to do is click the ‘Activate’ button to enable it for your users. It may take up to 30 minutes for this change to propagate to all users in your Workspace.

What about Single Sign On (third-party) Accounts?

We don’t support MFA for SSO accounts at this time. If you wish to apply this additional layer of security to those users as well, we recommend that you check with your third-party identity provider. Most providers (including Microsoft Active Directory/Entra and Google Workspace) allow you to enable mandatory MFA for their platforms in their own administration portals.

Regarding OData

If you use the OData reporting service for connecting Gruntify to PowerBI or Excel, you will likely have an email and password account dedicated for that purpose. You should note that if you enable MFA, the OData connection will break for that user as there is no way to complete the MFA challenge via the Reporting service.

For this reason, if you require that a single email and password account be excluded from your workspace MFA requirements, please raise a support ticket in our Service Portal and let us know the email address of that user account. Once you have enabled MFA at the Workspace level, we will be able to individually exclude that account from MFA on our end.

If you have any questions or concerns about this process, don’t hesitate to ask our friendly support team.


Related Content