How to: Enable Multi-Factor Authentication for Unqork Environments

Overview

Multi-Factor Authentication (MFA) is available for Unqork Designer and Express Express View is how your end-user views your application. Express View also lets you preview your applications to test your configuration and view the styling. This is also the view your end-users will see when interacting with your application. After configuring a module, click Preview in the Module Builder to interact with the module in Express View. environments. Enabling MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authentication) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification.  requires users to verify their identity using a secondary authorization method. For example, after enabling MFA, users must enter an authorization code sent to their phones, in addition to using their password credentials. In this article, you’ll learn how to prepare and request Multi-Factor Authentication for your environment.

Based on requirements, Unqork can support SAML Security Assertion Markup Language (SAML) is a protocol that allows an identity provider (IdP) to send a user's credentials to a service provider (SP) to verify their identity and grant them access to a service., OAuth OAuth, or Open Authorization, is an authorization protocol that lets users grant third-party access to their information without sharing their passwords. OAuth is an industry standard that's used by many companies, including Google, Amazon, and Microsoft., third-party verification, or authentication by SMS.

Prepare User Accounts for Enabling MFA

To enable MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authentication) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification., Environment Administrators must verify all user accounts contain a valid phone number. Unqork's MFA uses the phone numbers stored in the Express User Administration and Creator (User) Administration settings.

Administrators can use SSO (Single Sign-On) Login as an alternative login method for user accounts that do not have valid phone numbers.

View a List of Designer and Express User Phone Numbers

To verify that Designer and Express users have phone numbers associated with their accounts, Administrators can download a .CSV Comma-separated values (CSV) is a plain text file format that stores tabular data, such as spreadsheets or databases. CSV files are a common way to store and send data because they are easy to import and export between different programs. file containing the list of users and their data.

Learn how to view Designer and Express User lists by clicking on the tabs below:

View Express User Phone Number List

To view a list Express Users and their phone numbers as an Administrator, perform the following:

1. From your UDesigner homepage, click Administration.
2. Under Express Permissions, click Express User Administration.
3. Navigate to the bottom of the page.
4. Click Export All Express Users. A .CSV Comma-separated values (CSV) is a plain text file format that stores tabular data, such as spreadsheets or databases. CSV files are a common way to store and send data because they are easy to import and export between different programs. file containing a list of Express users and their phone numbers downloads to your machine's local download folder.

View Designer User Phone Number List

To view a list Designers and their phone numbers as an Administrator, perform the following:

1. From your UDesigner homepage, click Administration.
2. Under Creator Permissions, click Creator (User) Administration.
3. From the top right, click Export All Creators. A .CSV Comma-separated values (CSV) is a plain text file format that stores tabular data, such as spreadsheets or databases. CSV files are a common way to store and send data because they are easy to import and export between different programs. file containing a list of Creator users and their phone numbers downloads to your machine's local download folder.

Request to Enable Multi-Factor Authentication

After verifying users have phone numbers associated with their accounts, Administrators can request to enable MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authentication) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification. for their environment. To request MFA, submit a ticket to Unqork's Support Services at http://support.unqork.com/. Include important details in the ticket like the environment (staging, UAT Use the UAT (user acceptance testing) environment to realistically test and navigate your applications as end-users would use them., production), and the URL A URL (uniform resource locator) is a unique identifier used to locate a resource on the internet. Also known as a web address. where you want MFA enabled.

To request MFA for an environment:

1. Click the following link: http://support.unqork.com/.
2. Log into your Unqork Support account. The Unqork Support page displays.
3. From the top menu, click Submit A Request.
4. In the Subject* field, enter a description for the ticket. For example: Enable MFA for Environment: training.unqork.io.
5. From the Request Type* drop-down, select Issue. The Issue Type field displays.
6. From the Issue Type* drop-down, select Environment Management. The Task Topic field displays.
7. From the Task Topic* drop-down, select Other.
8. In the Description* field, enter all relevant information for your request. For example: Please enable MFA access for users in the following environments: training.unqork.io, training-staging.unqork.io.

A static image displaying the

9. Click Submit.

After submitting a request, Unqork Support will contact you with further directions.

How MFA Works for Unqork Environments

After MFA is enabled, users will be prompted to select either text or call when logging into Unqork. If they have the Authy mobile app installed on their phones, it will be used to provide an authorization code.

MFA Login Page for Designer View

A static image displaying the Unqork Em Eff A login screen.

MFA Login Page for Express View

A static image displaying the Unqork Em Eff A login screen for express view.

Frequently Asked Questions

Discover common questions about Embedded UI in the section below:

The user did not receive a text message or call.

If the Authy app is installed, it will be used by default to generate the authorization code. In this case, the user will not receive a text message or call.

If the user previously had Authy installed on another phone, they might not receive the text message or call on their new device. In this case, it's recommended they install Authy on their new phone.

Discover more about Authy by clicking the following link: https://www.authy.com/.

Can MFA be enabled for Designer and Express users independently?

No. After enabling MFA, it applies to both.

What types of MFA delivery are supported?

Unqork MFA supports text (SMS), phone call, and the Authy app. Users receive a prompt to select either text or call options. If they select Text, they receive an enrollment text message with a link to register for Authy, their phone number is not already enrolled, and a code. After enrolling, they must still select Text on the page. Then, they will enter the code from the app instead of receiving a code by text message.Unqork's Embedded UI feature uses cookies to store an end-user's End-users, also known as Express Users, are the individuals accessing an application through Express View. In most cases, end-users are the customers using the product. auth token. These cookies are used by Unqork to authenticate the end-user.

Can the MFA login page be styled?

Only for the Express login page. Submit a Zendesk ticket requesting a styled Express login page.

Can I use an Express custom login page with MFA?

No. Custom login pages are not compatible with MFA.

Can I use both SSO and Unqork's MFA in the same environment?

Customers can use a mix of local Unqork accounts and SSO Single Sign-On is an authentication scheme that enables users to use one set of login credentials across multiple services. accounts in their environment. For example, some users, like internal company users, might use SSO where the IdP Identity provider (IdP) provide a service that creates, manages, and verifies users' digital identities, allowing them to securely authenticate and access different applications or services. provides MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authentication) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification., while others outside of the company, set up as local Unqork accounts, can use Unqork's MFA.

Does Unqork's MFA work for users who sign in with SSO?

No. The platform's built in MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authentication) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification. is only for local Unqork accounts, which are configured in Express User Administration. For SSO Single Sign-On is an authentication scheme that enables users to use one set of login credentials across multiple services. users, MFA is handled and configured in the Identity Provider (IdP Identity provider (IdP) provide a service that creates, manages, and verifies users' digital identities, allowing them to securely authenticate and access different applications or services.), like Entra, Cognito, or Auth0. The IdP also handles functions, like Password Reset, Password Retrieval, or User Profile changes. There is no option to use Unqork MFA in combination with SSO authentication and login.

Can MFA be enabled on a per-user or per-role basis?

No. MFA is a global environment setting applied to all platform users.

Resources