Multi-Factor Authentication (MFA) is available for Unqork Designer and Express environments. Enabling MFA requires users to verify their identity using a secondary authorization method. For example, after enabling MFA, users must enter an authorization code sent to their phones, in addition to using their password credentials. In this article, you’ll learn how to prepare and request Multi-Factor Authentication for your environment.
Based on requirements, Unqork supports SAML, OAuth, third-party verification, SMS authentication, or email.
Prepare User Accounts for Enabling MFA
To enable MFA, Environment Administrators must verify all user accounts contain a valid phone number or email. Unqork's MFA uses the phone numbers and email addresses stored in the Express User Administration and Creator (User) Administration settings. MFA only applies to local users and does not work for SSO users.
Administrators can use SSO (Single Sign-On) Login as an alternative login method for user accounts that do not have valid phone numbers.
View a List of Designer and Express User Phone Numbers
To verify that Designer and Express users have phone numbers associated with their accounts, Administrators can download a .CSV file containing the list of users and their data. Email addresses are required by default.
Learn how to view Designer and Express User lists by clicking on the tabs below:
View Express User Phone Number List
To view a list of Express Users and their phone numbers as an Administrator, perform the following:
From your UDesigner homepage, click Administration.
Under Express Permissions, click Express User Administration.
Navigate to the bottom of the page.
Click Export All Express Users. A .CSV file containing a list of Express users and their phone numbers downloads to your machine's local download folder.
View Designer User Phone Number List
To view a list of Designers and their phone numbers as an Administrator, perform the following:
From your UDesigner homepage, click Administration.
Under Creator Permissions, click Creator (User) Administration.
From the top right, click Export All Creators. A .CSV file containing a list of Creator users and their phone numbers downloads to your machine's local download folder.
Request to Enable Multi-Factor Authentication
After verifying users have phone numbers associated with their accounts, Administrators can request to enable MFA for their environment. To request MFA, submit a ticket to Unqork's Support Services at http://support.unqork.com/. Include important details in the ticket like the environment (staging, UAT, production), and the URL where you want MFA enabled.
To request MFA for an environment:
Click the following link: http://support.unqork.com/.
Log into your Unqork Support account. The Unqork Support page displays.
From the top menu, click Submit A Request.
In the Subject* field, enter a description for the ticket. For example:
Enable MFA for Environment: training.unqork.io.From the Request Type* drop-down, select Issue. The Issue Type field displays.
From the Issue Type* drop-down, select Environment Management. The Task Topic field displays.
From the Task Topic* drop-down, select Other.
In the Description* field, enter all relevant information for your request. For example:
Please enable MFA access for users in the following environments: training.unqork.io, training-staging.unqork.io.
Click Submit.
After you submit a request, Unqork Support contacts you with further directions.
How MFA Works for Unqork Environments
After you enable MFA, users see a prompt to select text, call, or email when they log in to Unqork. If users have the Authy mobile app installed on their phones, the app provides an authorization code.
MFA Login Page for Designer View
MFA Login Page for Express View
FAQ
The user did not receive a text message or call.
If the Authy app is installed, the app generates the authorization code by default. The user does not receive a text message or call.
If the user previously had Authy installed on another phone, they might not receive the text message or call on their new device. In this case, they should install Authy on their new phone.
Discover more about Authy by clicking the following link: https://www.authy.com/.
Can MFA be enabled for Designer and Express users independently?
No. After enabling MFA, it applies to both.
What types of MFA delivery are supported?
Unqork MFA supports text (SMS), phone call, email, and the Authy app. Users see a prompt to select text or call. If a user selects Text and their phone number is not already enrolled, they receive an enrollment text message with a link to register for Authy and a code. After enrolling, users must select Text on the page and enter the code from the app instead of receiving a code by text. Unqork's Embedded UI feature uses cookies to store an end-user's auth token. Unqork uses these cookies to authenticate the end-user.
Can the MFA login page be styled?
Only for the Express login page. Submit a Zendesk ticket requesting a styled Express login page.
Can I use an Express custom login page with MFA?
No. Custom login pages are not compatible with MFA.
Can I use both SSO and Unqork's MFA in the same environment?
Customers can use a mix of local Unqork accounts and SSO accounts in their environment. For example, internal company users might use SSO where the IdP provides MFA. Users outside the company, set up as local Unqork accounts, can use Unqork's MFA.
Does Unqork's MFA work for users who sign in with SSO?
No. The platform's built-in MFA is only for local Unqork accounts configured in Express User Administration. For SSO users, the Identity Provider (IdP), like Entra, Cognito, or Auth0, handles and configures MFA. The IdP also handles Password Reset, Password Retrieval, and User Profile changes. You cannot use Unqork MFA with SSO authentication and login.
Can MFA be enabled on a per-user or per-role basis?
No. MFA is a global environment setting applied to all platform users.