Authentication & Security


Increase Security with Multi-factor Authentication


When you first sign in to an account from a new device or application, MFA requires more than your standard login credentials. You typically enter your username and password, followed by a second authentication element, called the "second factor."

How does multifactor authentication work? 

The first time you sign in on a device or app, you enter your username and password as usual, and are then prompted to enter your second factor to verify your identity. For instance, alongside your password, you may be prompted to enter a unique code delivered through your Authenticator App or via Text Message (SMS).


By incorporating MFA into your security practices, you add an extra layer of protection, making it more difficult for unauthorized entities to breach your accounts.

How to customize multifactor authentication for my organization?

With the security features offered by KODE Labs, you have the power to customize the multifactor authentication (MFA) process to align seamlessly with your organization's unique needs. Safeguarding logins has never been more customizable or user-friendly.


Enabling and customizing MFA adds an extra layer of security by requiring users to provide a second form of identification.


To start this journey of customization, simply follow these straightforward steps to access the MFA management panel within Launchpad:

  • Go to Launchpad.

  • Select “Company” at the bottom of the main left bar.

  • Go to the “Authentication & Security” tab.

  • You will be taken to the “MFA” page, from where you can customize MFA to suit your organization’s needs.


  • Choose whether to enforce MFA for all users or grant them the flexibility to decide for themselves.

    • This excludes users who use SSO for authentication.


  • Choose available MFA frequency options for your organization. You can choose how often users are prompted for MFA during login.

Password Customization Settings

Customizable password settings contribute to system security. Enforcing strong password policies, such as length requirements, character diversity, and regular password changes, reduces the possibility of unauthorized access.

Within this section, you have the flexibility to specify the rules that should be followed for password generation, whether it's for user account creation or password reset.


To customize the password policy, follow these steps:

  • Go to Launchpad.

  • Select “Company” at the bottom of the main left bar.

  • Go to the “Authentication & Security” tab.

  • Select the “Password” tab.



The Password page helps you secure your environment by giving you control over password details such as the lifetime of a password, how often it must be changed, and what it must contain.

  • Password Complexity is a measure of how difficult a password is to guess.

    • There are 2 predefined password complexities.

      • Medium

      • High

    • You can also customize your password complexity by defining whether the password should include:

      • Uppercase letters (A through Z).

      • Base 10 digits (0 through 9).

      • Non-alphanumeric characters (special characters).

      • Non-consecutive characters.


  • Lockout Settings are designed to temporarily restrict access to a user account after a specified number of unsuccessful login attempts.

  • Retries before lockout: You can set a threshold for the maximum number of unsuccessful login attempts allowed before an account is locked out.

Example: You can customize this setting to allow, for instance, five unsuccessful login attempts before the account enters a locked state.


  • Lockout Time and Unit: Once the specified threshold is reached, you can define a time period during which the account remains inaccessible. 

Example: You can configure the lockout time to be 1 hour, during which the account will remain locked, while still allowing legitimate users to regain access promptly after the specified duration.
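The two lockout settings above, modelled as an added Python example (this is not KODE Labs code). The class and field names are hypothetical, the defaults are the page's example values (five attempts, 1 hour), and it assumes the account locks on the attempt that reaches the threshold and that a successful login clears the failure count.

```python
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    retries_before_lockout: int = 5   # page's example threshold
    lockout_seconds: int = 3600       # page's example lockout time: 1 hour


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0         # 0.0 means "not locked"


class LoginGuard:
    """Tracks failed logins per account and applies the lockout policy."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: dict[str, AccountState] = {}

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'failed' or 'locked' for one attempt at time `now` (seconds)."""
        state = self.accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            # While locked, even a correct password is refused.
            return "locked"
        if state.locked_until:
            # The lock has expired: start counting from zero again.
            state.failures, state.locked_until = 0, 0.0
        if password_ok:
            state.failures = 0        # assumption: success clears the counter
            return "ok"
        state.failures += 1
        if state.failures >= self.policy.retries_before_lockout:
            state.locked_until = now + self.policy.lockout_seconds
            return "locked"
        return "failed"
```

Passing the clock in as `now` makes the expiry behaviour testable without waiting for the lockout period.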


Password configs

  • Password History refers to the practice of keeping a record of previously used passwords for user accounts. Its purpose is to prevent users from reusing the same passwords, which increases security by reducing the risk of compromised accounts.

  • Password Expiry Time is the duration after which a user is required to change their password.

Timeout Settings

You can set session and idle timeout values based on the specific needs of your application.


Set an idle and/or session timeout by following these steps:

  • Go to Launchpad.

  • Select “Company” at the bottom of the main left bar.

  • Go to the “Authentication & Security” tab.

  • Select the “Timeout Settings” tab.



Session Timeout represents the duration a user's session remains active after they log in. When this predefined period passes without any user activity, the system automatically logs the user out to increase security and protect sensitive information.

Idle Timeout is a subset of session timeout, focusing on the period of user inactivity within an active session. If no user activity occurs during this designated timeframe, the system initiates a logout process.

FAQ for Multi-Factor Authentication (MFA) Use Cases

1. Is MFA Enforced by Default for All Users?

No, by default, MFA is not enforced for users, and they are not prompted to set up MFA during login.

2. Is MFA Required for Users Logging in with Email & Password?

When specifically configured, only users logging in with Email & Password will be prompted to set up and complete MFA.

3. Can Admins Configure Different MFA Options?

Yes, admins can configure various MFA options, such as requiring MFA on every login, or remembering known devices for 7 or 30 days. Users will see these options during setup.

4. Does the System Use Device Fingerprinting for MFA Validation?

Yes, device fingerprints are generated on the first login, saved, and associated with user accounts for MFA validation.

5. Will Changing Browsers Trigger MFA?

Yes, changing the browser will prompt Multi-factor Authentication, regardless of the selected 7-day or 30-day frequency.

6. Does Removing Cookies Trigger MFA?

Removing cookies will trigger MFA, independent of the chosen frequency setting.

7. Will Users Be Prompted for MFA Setup on Next Login After MFA Requirements Are Added?

Yes, existing users will be prompted to set up MFA on their next login if MFA requirements are added.

8. How Does MFA Work for Multiple Users in One Browser?

When multiple users log in from one browser, each user maintains their own MFA validation settings, unaffected by other users’ settings, even in mixed modes of browsing.

9. Can Users Configure MFA for Their Accounts?

Yes, users can configure MFA settings for their accounts, which are validated during login.

10. What Happens When an Admin Configures MFA for an Organization?

Users' MFA configurations will be updated according to the organization settings. Users will default to the minimum available option if a previously selected option is removed.

11. What Happens If MFA Valid Remember Time Is Greater Than Session Timeout?

Users will be prompted for MFA verification after the session timeout, even if their MFA remember time is still valid.

12. What Happens If MFA Valid Remember Time Is Less Than Session Timeout?

Users will be prompted for MFA verification before the session timeout occurs.

13. What If MFA Valid Remember Time Is Equal to Session Timeout?

Users will be prompted for MFA verification exactly at the session timeout.

14. What Happens If MFA Valid Remember Time Is Set to 0?

Users will be prompted for MFA verification every time they log in.

15. Can Admins Reset MFA for a User?

Yes, an admin can reset MFA for a user, requiring them to set up MFA again on the next login.

16. Is It Possible to Disable MFA for a User?

Yes, an admin can disable MFA for a user, allowing new users to log in without MFA. Existing users will still be prompted for 2FA.

17. Does MFA Work on Various Mobile Devices and Browsers?

MFA should work seamlessly across different mobile devices and browsers.

FAQ for Password Policy Use Cases

1. What Are the Requirements for Medium Security Level Passwords?

Medium security level requires passwords to have a minimum of 8 characters, including at least one digit, one uppercase letter, and one special character.

2. What Constitutes a High Security Level Password?

High security level passwords must have at least 12 characters and include at least one digit, one uppercase letter, one special character, and no consecutive characters (uppercase, special characters, digits).

3. Can Administrators Create Custom Password Policies?

Yes, administrators can create custom password policies enforcing specific requirements like minimum length, and the inclusion of uppercase, lowercase, special characters, digits, and non-consecutive characters.

4. How Does the System Handle Lockout Time Configuration?

Lockout time can be configured, and after the specified time, users are allowed to retry password entry.

5. What is the Configuration for Retries Before Lockout?

The system allows configuration of the number of retries before lockout. Users will be locked out after exceeding the configured number of retries.

6. How Does Password Expiry Time Configuration Work?

Administrators can configure the password expiration time. Users will be prompted to change their password if it exceeds the configured expiration time.

7. Does the System Check for Leaked Passwords?

Yes, the system checks passwords against breached or leaked databases and prevents users from using compromised passwords.

8. What Happens When a Password Exceeds Its Expiration Time?

Users whose passwords exceed the configured expiration time will be prompted to change their password upon login.

9. What is the Minimum Password Length Allowed?

The system enforces a minimum password length, typically not allowing configurations less than 8 characters.

10. How Does the System Handle Maximum Password Length?

The system can handle and accept passwords with the maximum allowed length, typically up to 64 characters.
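The Medium and High levels and the 8 and 64 character limits from this FAQ, written out as an added Python checker (this is not KODE Labs code). The names are hypothetical, the sample passwords in the test are constructed, and two points the page leaves open are assumptions: "special character" is taken as ASCII punctuation, and "no consecutive characters" as no character repeated twice in a row.

```python
import string
from dataclasses import dataclass

SPECIALS = set(string.punctuation)  # assumption: ASCII punctuation counts as special
MIN_LENGTH_FLOOR = 8                # FAQ 9: configurations below 8 are not allowed
MAX_LENGTH = 64                     # FAQ 10: passwords up to 64 characters accepted


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int
    require_upper: bool = True
    require_digit: bool = True
    require_special: bool = True
    forbid_consecutive: bool = False

    def __post_init__(self):
        # Reject custom policies weaker than the documented floor.
        if not MIN_LENGTH_FLOOR <= self.min_length <= MAX_LENGTH:
            raise ValueError("min_length must be between 8 and 64")


MEDIUM = PasswordPolicy(min_length=8)
HIGH = PasswordPolicy(min_length=12, forbid_consecutive=True)


def violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the rules the password breaks; an empty list means it passes."""
    found = []
    if len(password) < policy.min_length:
        found.append(f"shorter than {policy.min_length} characters")
    if len(password) > MAX_LENGTH:
        found.append(f"longer than {MAX_LENGTH} characters")
    if policy.require_upper and not any(c in string.ascii_uppercase for c in password):
        found.append("no uppercase letter")
    if policy.require_digit and not any(c in string.digits for c in password):
        found.append("no digit")
    if policy.require_special and not any(c in SPECIALS for c in password):
        found.append("no special character")
    # Assumption: "consecutive" means the same character twice in a row ("aa", "11").
    if policy.forbid_consecutive and any(a == b for a, b in zip(password, password[1:])):
        found.append("repeated consecutive character")
    return found
```

Returning every broken rule, rather than stopping at the first, lets a sign-up or reset form show the user everything to fix in one pass.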

FAQ for Session Timeout Settings Use Cases

1. How Is Session Timeout Configured in Days?

Session timeout can be configured in days, and user sessions will log out automatically after the specified number of days of inactivity.

2. How Is Session Timeout Configured in Hours?

Session timeout can also be set in hours, with user sessions automatically logging out after the specified number of hours of inactivity.

3. Can Negative Values Be Set for Session Timeout?

No, the system prevents setting negative values for session timeout and displays an error message for invalid values.

4. How Does the System Handle Idle Timeout in Days?

Idle timeout can be configured in days, terminating user sessions automatically after the specified number of days of inactivity.

5. How Is Idle Timeout Set in Hours?

Similar to day configuration, idle timeout can be set in hours, with sessions ending after the specified number of hours of inactivity.

6. Can Non-integer Values Be Used for Idle Timeout Configuration?

No, the system requires integer values for idle timeout configuration and will display an error message for non-integer values.

