User Tools

Site Tools


manual:user_access_security

Back

User Access Security Options

External Authentication

External authentication is the use of third-party authentication source to decide whether a user should be allowed access to MMEx. (external authentication is frequently used by enterprise level systems to easily control visibility and access to a range of programs used by their users, of which MMEx may be one.)

Azure AD

MMEx supports integration with external authentication platform Azure Active Directory (or Azure AD). Single sign-on adds security and convenience to your user management as users sign in once, with one account to access multiple programs, applications and software programs.

User account management is centralised and allows you to add or remove user user access to all programs and applications used by your organisation from one central management point. Users are authenticated for access to MMEx using industry standard protocols.

Click here to see how to configure External Authentication in MMEx.

When the user logs in they log into their Active Directory account first - this is usually the account that the user uses to access a VPN or organisation protected environment - they type that email address as their username in MMEx and they will be logged in without requiring a password to be entered again.

Two Factor Authentication (2FA)

Two-factor authentication (also known as 2FA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. It is a method of confirming users' claimed identities by using a combination of two different factors:

  • knowledge (something the user and only the user knows) example Password
  • possession (something the user and only the user has) example - a one-time-use code

2FA - App

In this version of 2FA a user-controlled password is supplemented with a one-time code generated by an authenticator app on a smartphone that only the user possesses.

In the user profile, locate Two-factor Authentication and click on Manage.

Follow the prompts to install an authenticator app to a device you carry with you. (e.g. Smart phone, tablet, laptop)


Once authenticated you will receive recovery codes. Store these safely so you do not get locked out of your account.
Then click OK.










The next time you log in, have your authentication device handy.
Enter your username and password into MMEx as usual, then on the next screen enter the authentication code currently displaying in your Authentication App for this account.
NB: Codes change every 30 seconds.

.

To disable the Two-Factor Authentication return to your profile, click Manage and then select Disable Two Factor Authentication

2FA - SMS

In this version of 2FA a user-controlled password is supplemented with a one-time code received by SMS to the user's phone.

An MMEx Administrator you can, on behalf of Organisation Administrators, set a requirement for users to use SMS two-factor authentication at the point of logging in. Access to this setting will be transferred to Org Admins ASAP.
In the user profile check the box for Require SMS Login and enter the user's phone number.
NB: the phone number entry field is a different field to the user work/mobile phone number display fields in the user profile. The authentication number is not visible or used in MMEx except on this page and for the purposes of receiving the authentication code.

When the user logs in with username and password, they will be prompted to send the SMS.
An SMS will be received advising of the one time passkey.

Enter the number in the passkey field and click Proceed to complete the log-in.

IP Restriction

In the user profile enter the IP address(es) that you want to restrict the user to logging in from. When the use attempts to log in from an unapproved location they will see this message and will not be allowed to access their account.

manual/user_access_security.txt ยท Last modified: 2020/06/18 02:09 by sarahb