Multi-factor authentication

About

Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password, which further verifies that users are who they say they are and who they are logging in as.

Bricsys 24/7 implements MFA as an extra security step that uses an authenticator app, such as Google Authenticator or Microsoft Authenticator.

When you have enabled MFA on your account, the login procedure will require you to enter the code generated by the authenticator app.

MFA may be required at a project level for all project users, but it is activated at a user level by a user.

Downloading an authenticator app

Authenticator apps generate a one-time code that you can use to sign in. These app providers will not have access to your Bricsys 24/7 password and account information.

To download an app
  1. Open the app store of your phone.
  2. Search for ‘authenticator app’.
  3. Download an app from a trusted provider.
    Tip: Check that they have a recovery method if you cannot access your device.
  4. Open the app and follow the instructions.

Multi-factor authentication set up

We use the QR code method for authenticator app (MFA) setup. This requires that you set up MFA on one device (for example, a laptop/desktop or tablet), with an authenticator app on a second (mobile) device that has a camera.

  1. Go to the AUTHENTICATOR tab in your Profile, under Security settings.
  2. Scan the QR code with your Authenticator app to connect your account. To scan the code, the second (mobile) device must have a camera.
    Note: If the QR code gives an error in the mobile app, click the Not able to scan? button and the QR code will be regenerated.
  3. Type the one-time code received in your authenticator app.
    Note: The one-time code will change every 30 seconds.
  4. Optionally, enter your device name.
  5. Once ready, click Continue to finish the mobile authenticator configuration.
  6. If the configured authentication device needs to be changed, it can be deleted from the Authenticator page. The page then resets to the initial MFA setup page.
Note: An invitee or existing user must contact their admin:
  • If they want to change their email address.
  • If they have MFA active and lose access to the device or app used for authentication.
Note: If you type a wrong one-time code five times, or a wrong password, you are locked out of your account for at least 1 minute, increasing incrementally up to a maximum of 15 minutes.
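
The following is an added example, not Bricsys code, showing how a server can check the 30-second one-time code from step 3 and apply the lockout described in the note above. It assumes the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 6 digits) used by common authenticator apps and a doubling lockout schedule; the page does not specify either, and the names Verifier and SAMPLE_SECRET are hypothetical.

```python
import base64, hashlib, hmac, struct

STEP = 30                 # from the page: the code changes every 30 seconds
MAX_FAILS = 5             # from the page: five wrong codes trigger a lockout
LOCK_MIN, LOCK_MAX = 60, 15 * 60   # from the page: 1 minute up to 15 minutes
# Constructed sample secret (the RFC 6238 test key), not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, at, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1; 6 digits is an assumption)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server-side check; the doubling schedule is an assumption."""
    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.fails = self.lockouts = self.locked_until = 0

    def check(self, code, now):
        if now < self.locked_until:
            return "locked"                       # even a correct code is refused
        # Accept the current and previous step to tolerate clock drift.
        candidates = (totp(self.secret, now - d * STEP) for d in (0, 1))
        if any(hmac.compare_digest(c.encode(), code.encode()) for c in candidates):
            self.fails = self.lockouts = 0
            return "ok"
        self.fails += 1
        if self.fails >= MAX_FAILS:
            # 1 min, 2 min, 4 min, ... capped at 15 min.
            self.locked_until = now + min(LOCK_MIN * 2 ** self.lockouts, LOCK_MAX)
            self.lockouts += 1
            self.fails = 0
        return "rejected"
```

With two accepted time steps and five tries before each lockout, a blind guess of a 6-digit code succeeds with a probability of roughly 10 in 1,000,000 per lockout window. The example does not reject a code that was already used within its validity window, which a production verifier should also do.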

Activate MFA requirement on a project

To activate multi-factor authentication for a project, go to Administration > Project settings > Administrators > Login settings and switch the Multi-factor authentication option On.

The following warning modal will be displayed to inform the customer admins (which includes the project owner) about the access modification of the specific project.

I understand, switch on MFA
Closes the modal. The changes are made after you press the Save changes button.

If you do not have MFA set up, the following modal will be displayed:

Note: It is not possible to exit this modal.

After you log out and log in again, the one-time code will be required, and you will be able to access the project where you enabled the MFA.

Note: After MFA is enabled, the MFA icon will be visible in All projects for your project.
Note: The MFA column in Administration > Users content pane is visible to customer admins only, regardless of whether the project has MFA turned on or not.
Note: The Multi-factor authentication toggle switch is visible for all administrators, but the radio button can be enabled or disabled only by customer admins.
Note: An invitee or existing user must contact their admin if they want to change their email address.