How to: Enable Multi-Factor Authentication for Unqork Environments

Overview

MFA (Multi-Factor Authentication) is available for Unqork Designer (or Creator Also known as Unqork Users, or Designer Users; is anyone who is inside the Unqork platform.) and Express Express View is how your end-user views your application. Express View also lets you preview your applications to test your configuration and view the styling. This is also the view your end-users will see when interacting with your application. After configuring a module, click Preview in the Module Builder to interact with the module in Express View. environments. Enabling MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authenticatin) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification.  requires users to verify their identity using a secondary authorization method. For example, after enabling MFA, users must enter an authorization code sent to their phones in addition to using their password credentials. In this article, you’ll learn how to prepare and request Multi-Factor Authentication for your environment.

Based on requirements, Unqork can support SAML Security Assertion Markup Language (SAML) is a protocol that allows an identity provider (IdP) to send a user's credentials to a service provider (SP) to verify their identity and grant them access to a service., OAuth OAuth, or Open Authorization, is an authorization protocol that lets users grant third-party access to their information without sharing their passwords. OAuth is an industry standard that's used by many companies, including Google, Amazon, and Microsoft., third-party verification, or authentication by SMS.

Prepare User Accounts for Enabling MFA

To enable MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authenticatin) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification., Environment Administrators must verify all user accounts contain a valid phone number. Unqork's MFA uses the phone numbers stored in the Express User Administration and Creator (User) Administration settings.

Administrators can use SSO (Single Sign-On) Login as an alternative login method for user accounts that do not have valid phone numbers.

View a List of Designer and Express User Phone Numbers

To verify that Designer and Express users have phone numbers associated with their accounts, Administrators can download a .CSV Comma-separated values (CSV) is a plain text file format that stores tabular data, such as spreadsheets or databases. CSV files are a common way to store and send data because they are easy to import and export between different programs. file containing the list of users and their data.

Learn how to view Designer and Express User lists by clicking on the tabs below:

Request to Enable Multi-Factor Authentication

After verifying users have phone numbers associated with their accounts, Administrators can request to enable MFA Multi-factor authentication (MFA) is a MFA (Multi-Factor Authenticatin) is security measure that requires users to provide multiple pieces of verification to access an account. Adding an extra layer of protection to prevent unauthorized access even if one credential is compromised. MFA is also known as two-step verification. for their environment. To request MFA, submit a ticket to Unqork's Support Services at http://support.unqork.com/. Include important details in the ticket like the environment (staging, UAT Use the UAT (user acceptance testing) environment to realistically test and navigate your applications as end-users would use them., production), and the URL A URL (uniform resource locator) is a unique identifier used to locate a resource on the internet. Also known as a web address. where you want MFA enabled.

To request MFA for an environment:

1.

Click the following link: http://support.unqork.com/.

2.

Log into your Unqork Support account. The Unqork Support page displays.

3.

From the top menu, click Submit A Request.

4.

In the Subject* field, enter a description for the ticket. For example: Enable MFA for Environment: training.unqork.io.

5.

From the Request Type* drop-down, select Issue. The Issue Type field displays.

6.

From the Issue Type* drop-down, select Environment Management. The Task Topic field displays.

7.

From the Task Topic* drop-down, select Other.

8.

In the Description* field, enter all relevant information for your request. For example: Please enable MFA access for users in the following environments: training.unqork.io, training-staging.unqork.io.

9.

Click Submit.

After submitting a request, Unqork Support will contact you with further directions.

How MFA Works for Unqork Environments

After MFA is enabled, users will be prompted to select either text or call when logging into Unqork. If they have the Authy mobile app installed on their phones, it will be used to provide an authorization code.

Frequently Asked Questions

The user did not receive a text message or call.

If the Authy app is installed, it will be used by default to generate the authorization code. In this case, the user will not receive a text message or call.

If the user previously had Authy installed on another phone, they might not receive the text message or call on their new device. In this case, it's recommended they install Authy on their new phone.

Discover more about Authy by clicking the following link: https://www.authy.com/

Can MFA be enabled for Designer and Express users independently?

No. After enabling MFA, it applies to both.

What types of MFA delivery are supported?

Unqork MFA supports text (SMS), phone call, and the Authy app. Users receive a prompt to select either text or call options. If they select Text, they receive an enrollment text message with a link to register for Authy, their phone number is not already enrolled, and a code. After enrolling, they must still select Text on the page. Then, they will enter the code from the app instead of receiving a code by text message.

Can the MFA login page be styled?

Only for the Express login page. Submit a Zendesk ticket requesting a styled Express login page.

Can I use an Express custom login page with MFA?

No. Custom login pages are not compatible with MFA.

Can a customer use SSO with the platform MFA?

Yes. Customers can use a mix of SSO Single Sign-On is an authentication scheme that enables users to use one set of login credentials across multiple services. and MFA-enabled platform login to support multiple user types. For example, internal users setup with a enterprise IdP Identity provider (IdP) provide a service that creates, manages, and verifies users' digital identities, allowing them to securely authenticate and access different applications or services. and external users setup in Unqork.

Can MFA be enabled on a per-user or per-role basis?

No. MFA is a global environment setting applied to all platform users.

Resources

• Single Sign-On (SSO) Management

• Express User Administration

• Creator (User) Administration

• Authy Authentication Application: https://www.authy.com/