Set Up Multi-Factor Authentication
Administrators can set up multi-factor authentication for all users, for specific user policies, or specific users.
Multi-factor authentication increases system security since users must provide a code besides their password when they log in to the system. Users can generate such codes with an authenticator app such as Google Authenticator or Microsoft Authenticator.
Multi-factor authentication is available on sites that use the IdentityServer and do not allow guest login. Sites using an external identity provider such as OKTA must configure multi-factor authentication through their external provider.
-
Go to System Tools > System Options.
-
On the MFA tab, select the Enable Multi-Factor Authentication option.
-
Select a global default setting and then select Finish.
-
Select ON to enable multi-factor authentication for all users of the system. You can define exemptions to this rule on a user policy or a user account level.
-
Select OFF to disable multi-factor authentication for all users of the system. You can define exemptions to this rule on a user policy or a user account level.
-
-
(Optional) Define exemptions to the global default setting on a user policy level.
You can set up user policies to use the global default setting for multi-factor authentication or enable or disable it for the user policy. Refer to User Policies for more information.
-
(Optional) Define exemptions to the user policy setting for specific users.
You can set up user accounts to use the default setting of the user policy for multi-factor authentication or enable or disable it for the user account. Refer to Change User Preferences for more information.
