This feature was developed as an additional security measure for back office access. It consists of an additional screen after the usual login page where you will be asked to provide a One Time Password (OTP).
The idea is for the MFA to be adopted gradually and for it to be optional to begin with, still allowing the user to input a One Time Password upon login.
If the MFA is set to Mandatory it will also try to log you out after 2 hours of inactivity (*), but first offer you the option to “save” your session from being timed out via a confirmation popup.
(*) - we currently count activity every time a script loads, so if, theoretically, you work in one program for 2 hours with no page refreshes or anything, you will see the timeout confirmation popup.
In the system options we have MFA Settings. If the status is off, no one can use MFA or sign up for MFA.
File Maintenance > Sys Config > MFA
A. Status: On or Off → establishes whether the MFA is active or not
B. Mandatory or Optional (comes into play only if MFA is ON):
Mandatory
- upon login will require OTP with the option to “Signup for MFA” presented
- the same will go for any other back office user at this point
Optional
- upon login will request OTP with the option to “Signup for MFA” presented
- a ‘Skip’ button will be available on the OTP screen, so you don’t actually need to sign up or provide an OTP
- the idea is to let users get accustomed to the MFA without it being enforced
C. Signup for MFA → if you want to sign up for MFA; same process as the signup part of the login process
Optional mode OTP
Mandatory Mode OTP (No option to 'Skip')
User who has previously signed up for MFA
Will not be given the option to Signup for MFA, for security reasons; only an Admin will now be able to reset their MFA status so they can sign up again if necessary.
(Skip button is there just for Optional mode)
Popup will display at which point you need to scan the QR code with one of the supported Authenticator apps on your phone.
The Reset MFA can be performed by Admins (status 9) via the File Maintenance > Employee maintenance > Edit program
If the MFA is set to Mandatory the system will attempt to log you out after 2 hours of inactivity (*).
A few minutes before your session expiry you should see a popup similar to this one which will offer the option to take some action in order to prevent session expiry.
If the user fails to take any action, the session will expire, redirecting to the back office login screen.
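The rules above, written out as a small model that can be used to check expected behaviour for each setting. This is an added example, not the product's own code: all class and function names are hypothetical, the 5-minute warning lead is an assumption (the page only says "a few minutes"), and treating the popup confirmation as activity is an assumption about how the session is "saved".

```python
from dataclasses import dataclass

IDLE_LIMIT = 2 * 60 * 60   # 2 hours of inactivity, as stated on the page
WARN_BEFORE = 5 * 60       # assumption: page only says "a few minutes"
ADMIN_STATUS = 9           # admins who may reset MFA, as stated on the page

@dataclass
class MfaConfig:
    status_on: bool        # A. Status: On or Off
    mandatory: bool        # B. Mandatory or Optional (only matters when On)

def otp_screen(cfg, enrolled):
    """What the screen after login offers, or None when MFA is Off."""
    if not cfg.status_on:
        return None        # no one can use MFA or sign up for it
    return {
        "otp_prompt": True,
        "signup_offered": not enrolled,    # enrolled users need an admin reset
        "skip_button": not cfg.mandatory,  # Skip exists only in Optional mode
    }

def can_reset_mfa(actor_status):
    """Only Admins (status 9) can reset a user's MFA status."""
    return actor_status == ADMIN_STATUS

class Session:
    """Idle tracking where activity is counted on script loads only."""
    def __init__(self, cfg, now):
        self.cfg, self.last_activity = cfg, now

    def state(self, now):
        if not (self.cfg.status_on and self.cfg.mandatory):
            return "active"    # timeout applies only when MFA is Mandatory
        idle = now - self.last_activity
        if idle >= IDLE_LIMIT:
            return "expired"   # redirect to the back office login screen
        if idle >= IDLE_LIMIT - WARN_BEFORE:
            return "warn"      # show the timeout confirmation popup
        return "active"

    def script_loaded(self, now):
        # An expired session cannot be revived by a later request.
        if self.state(now) != "expired":
            self.last_activity = now

    def confirm_popup(self, now):
        # Assumption: "saving" the session is recorded as activity.
        self.script_loaded(now)
```

Because only script loads count, a user who works in one program for two hours without a page load moves through "warn" to "expired" in this model unless the popup is confirmed.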