How to: Enable Multi-Factor Authentication for Unqork Environments
Overview
Multi-Factor Authentication (MFA) is available for Unqork Designer and environments. Enabling requires users to verify their identity using a secondary authorization method. For example, after enabling MFA, users must enter an authorization code sent to their phones, in addition to using their password credentials. In this article, you’ll learn how to prepare and request Multi-Factor Authentication for your environment.
Based on requirements, Unqork can support , , third-party verification, or authentication by SMS.
Prepare User Accounts for Enabling MFA
To enable , Environment Administrators must verify all user accounts contain a valid phone number. Unqork's MFA uses the phone numbers stored in the Express User Administration and Creator (User) Administration settings.
Administrators can use SSO (Single Sign-On) Login as an alternative login method for user accounts that do not have valid phone numbers.
View a List of Designer and Express User Phone Numbers
To verify that Designer and Express users have phone numbers associated with their accounts, Administrators can download a file containing the list of users and their data.
Learn how to view Designer and Express User lists by clicking on the tabs below:
View Express Users
View Designer Users
View Express User Phone Number List
To view a list Express Users and their phone numbers as an Administrator, perform the following:
1.
From your UDesigner homepage, click .
2.
Under Express Permissions, click Express User Administration .
3.
Navigate to the bottom of the page.
4.
Click Export All Express Users . A file containing a list of Express users and their phone numbers downloads to your machine's local download folder.
View Designer User Phone Number List
To view a list Designers and their phone numbers as an Administrator, perform the following:
1.
From your UDesigner homepage, click .
2.
Under Creator Permissions, click Creator (User) Administration .
3.
From the top right, click Export All Creators . A file containing a list of Creator users and their phone numbers downloads to your machine's local download folder.
Request to Enable Multi-Factor Authentication
After verifying users have phone numbers associated with their accounts, Administrators can request to enable for their environment. To request MFA, submit a ticket to Unqork's Support Services at http://support.unqork.com/ . Include important details in the ticket like the environment (staging, , production), and the where you want MFA enabled.
To request MFA for an environment:
2.
Log into your Unqork Support account. The Unqork Support page displays.
4.
In the Subject * field, enter a description for the ticket. For example: Enable MFA for Environment: training.unqork.io.
5.
From the Request Type * drop-down, select Issue . The Issue Type field displays.
6.
From the Issue Type * drop-down, select Environment Management . The Task Topic field displays.
7.
From the Task Topic * drop-down, select Other .
8.
In the Description * field, enter all relevant information for your request. For example: Please enable MFA access for users in the following environments: training.unqork.io, training-staging.unqork.io.
After submitting a request, Unqork Support will contact you with further directions.
How MFA Works for Unqork Environments
After MFA is enabled, users will be prompted to select either text or call when logging into Unqork. If they have the Authy mobile app installed on their phones, it will be used to provide an authorization code.
MFA Login Page for Designer View
MFA Login Page for Express View
Frequently Asked Questions
Discover common questions about Embedded UI in the section below:
The user did not receive a text message or call.
If the Authy app is installed, it will be used by default to generate the authorization code. In this case, the user will not receive a text message or call.
If the user previously had Authy installed on another phone, they might not receive the text message or call on their new device. In this case, it's recommended they install Authy on their new phone.
Discover more about Authy by clicking the following link: https://www.authy.com/ .
Can MFA be enabled for Designer and Express users independently?
No. After enabling MFA, it applies to both.
What types of MFA delivery are supported?
Unqork MFA supports text (SMS), phone call, and the Authy app. Users receive a prompt to select either text or call options. If they select Text , they receive an enrollment text message with a link to register for Authy, their phone number is not already enrolled, and a code. After enrolling, they must still select Text on the page. Then, they will enter the code from the app instead of receiving a code by text message.Unqork's Embedded UI feature uses cookies to store an auth token. These cookies are used by Unqork to authenticate the end-user.
Can the MFA login page be styled?
Only for the Express login page. Submit a Zendesk ticket requesting a styled Express login page.
Can I use an Express custom login page with MFA?
No. Custom login pages are not compatible with MFA.
Can I use both SSO and Unqork's MFA in the same environment?
Customers can use a mix of local Unqork accounts and accounts in their environment. For example, some users, like internal company users, might use SSO where the provides , while others outside of the company, set up as local Unqork accounts, can use Unqork's MFA.
Does Unqork's MFA work for users who sign in with SSO?
No. The platform's built in is only for local Unqork accounts, which are configured in Express User Administration. For users, MFA is handled and configured in the Identity Provider (), like Entra, Cognito, or Auth0. The IdP also handles functions, like Password Reset, Password Retrieval, or User Profile changes. There is no option to use Unqork MFA in combination with SSO authentication and login.
Can MFA be enabled on a per-user or per-role basis?
No. MFA is a global environment setting applied to all platform users.