Articles in this section

Set up MFA for your account

Tom Santiago
Updated

Multifactor authentication (MFA) is a method that requires a user to provide two or more credentials that serve as proof of identity before gaining access to an account. These credentials can be categorized as:

  • Something you know: a password

  • Something you have: a mobile device

  • Something you are: fingerprint, face, retina, or other biometric identifier

For example, one of the most common MFA implementations is:

  1. The user navigates to a sign-in page via a desktop browser.

  2. The user enters a username and password.

  3. The user is then prompted to enter a one-time code sent to an authenticator app installed on a device (typically a smartphone).

  4. The user enters the six-digit code from the authentication device into the browser instance.

  5. The user is granted access to the application.

In such a workflow, the username and password step operates as “something you know,” and the authentication device that receives the code operates as “something you have.” This protocol provides a high level of security because it is unlikely that an unauthorized user would be able to steal someone's username and password and the user’s authentication device.

Enable MFA for your account

MFA is required to access the Celigo platform for all partners and customers, with a couple exceptions:

  • The duration of a free trial, until it expires or is converted to a subscription

  • After SSO authentication, unless the account admin additionally requires Celigo MFA

After signing in, you can set up your authenticator app by following the instructions presented:

mfa-first-time.png

Common authenticator extensions/apps include 1Password, Authy, Microsoft Authenticator, Google Authenticator, and LastPass Authenticator. You can reset MFA or choose additional settings at any time.

Configure MFA settings for a user profile

In most cases, MFA will be automatically configured for you without issues. You can add it yourself, if needed, or change the settings by disabling or resetting MFA and proceeding through the steps below.

  1. Step 1 – Set up authenticator app: You can use any authentication provider that supports time-based one-time passwords (TOTP).

    Add integrator.io: After you have chosen your authenticator app and installed it on your mobile device, you must add integrator.io to the list of platforms that can use the authentication service. Each authenticator app has its own process for adding a platform to the authentication list, so consult the setup instructions provided by your chosen authenticator app.

    Most authenticator apps allow you to use the camera on your device to scan a QR code. Follow the instructions from your authenticator app to add a platform to your authentication list with a QR code.

  2. Step 2 – Scan the QR code: Scan it with your device, and the authenticator app will display Celigo (your-email-address@your-organization.com) in the authentication list. The entry also displays a temporary six-digit code that changes every few seconds.

    Tip

    If you weren't able to scan the QR code, you can use your account and secret key to authenticate. Click ( copy.svg) and copy the secret key.

  3. Step 3 – Verify mobile device: Once the authenticator app displays Celigo in the authentication list, enter the currently displayed six-digit code from your authenticator app in the Verify mobile device > Verify setting. The “Verification successful” message displays if the code you entered is correct. 

    mfa-account-reset.png

  4. Select Account for MFA reset the first time. If you are not an account owner or an administrator, you must select an account owner or administrator who can reset your MFA settings should you lose your authentication device or decide to leave the organization. You can select the account owner or any administrator of the Celigo account.

  5. Check the Trust this device for future sign in box. (A trusted device is the computer and browser you use to access integrator.io. If checked, you will only be required to enter a new six-digit code from your authenticator app after 90 days of inactivity. If left unchecked, you must enter the six-digit code from your authenticator app each time you sign in, regardless of which computer or browser you use. See Trusted devices vs. authentication devices.)

  6. Click Enable MFA.

  1. Open the avatar at the top right of the platform, and select Security. The Security tab opens.

  2. Click to open Multifactor authentication (MFA) if the page defaults to another option. Click Set up MFA.

    MFA.png

  3. Enter your account password, and click View to launch the Set up MFA wizard.

    EnableMFAforAccount.png

Administer MFA settings for all users in an account

The Account settings section allows an account owner or admin to apply optional settings for all MFA users.

MFAAccountSettings.png

Do not allow trusted devices: Check this box to remove the ability for users to add trusted devices. Allowing users to add their own computer/browser to the trusted device list eliminates the need for them to enter their six-digit authentication code every time they sign in from the computer and browser they commonly use. If checked, MFA users can’t add trusted devices and must enter the six-digit code from their authentication device every time they sign in regardless of which device they use.

Number of days until MFA is required again for trusted devices: If left blank, MFA users who sign in from trusted devices are only required to enter their six-digit authentication code after 90 days of inactivity from the trusted device. To extend or reduce the default, enter the number of days of inactivity before re-authentication is required.

Using MFA with SSO

You can sign into the Celigo platform both SSO and MFA, and the account admin may require it. If your organization uses SSO, we recommend that you set up MFA with your SSO provider. First set up your SSO, and then MFA. (Users also must first sign in using SSO and then MFA.)

Trusted devices vs. authentication devices

A trusted device is both the browser you use (Chrome, Firefox, Safari) AND the computer you are using to sign in to integrator.io. Do not confuse trusted devices and authentication devices.

  • Trusted device - the computer and browser you use to perform tasks in integrator.io

  • Authentication device - a mobile device with an authenticator app installed that displays the six-digit code you use to confirm your identity

If you are accessing integrator.io from your work computer and you always use a specific browser, adding the computer/browser to the trusted device list eliminates the need for you to enter your six-digit authentication code each time you sign in.

Add an authentication device

To add a new authentication device, install an authenticator app on the new device and use the QR code or account and secret key to add your account to the authentication list in your authenticator app.

Change authenticator

If you run into any issues or want to change the authenticator app,

  1. Open the avatar at the top right of the platform, and select Security. The Security tab opens.

  2. Click Multifactor authentication (MFA) at the left.

  3. Under User MFA settings, click Change authenticator and proceed to provide a new one.

Delete a trusted device

A trusted device is the browser on the computer you use to perform tasks in integrator.io. Use the following steps to delete a trusted device from your account.

  1. Open the avatar at the top right of the platform, and select Security. The Security tab opens.

  2. Click Multifactor authentication at the left.

  3. Under Trusted devices, click Manage devices.

  4. In Manage devices, click the Actions overflow (...) menu next to the device you want to delete, and click Delete device.

    mfa-manage-devices.png

  5. Click Delete on the confirmation prompt to delete the trusted device from your account.

Reset MFA for yourself

After you’ve set up MFA, if you want to switch to a different authenticator app or rebuild your configuration settings, follow the steps below. If you’re blocked before signing in and can’t access your profile, ask an account admin or higher to reset MFA for you.

  1. Open the avatar at the top right of the platform, and select Security. The Security tab opens.

  2. Click Multifactor authentication at the left.

  3. Under Reset MFA, click Reset.

  4. Read the Reset MFA? message and click Reset.

    mfa-reset-mfa-message.png

  5. Enter you password to reauthenticate access to the account.

  6. Proceed to set up MFA again, following the prompts as above.

Reset MFA for another user

If you are the account owner or administrator that has been assigned MFA reset responsibilities for others, follow the steps below.

  1. Open the avatar at the top right of the platform, and select Users. The Users tab opens.

  2. From the Actions overflow (...) menu, click Reset MFA.

  3. Instruct the user to sign in and immediately reconfigure security settings.

What if I need to reset MFA, but I’m unable to sign in?

An account administrator should first seek assistance from an account owner. Barring that option, contact Customer Support and be prepared to provide the following information:

  • Your organization’s name

  • The company email address associated with the locked account

  • Availability in the near future for a Zoom meeting

  • A phone number where you can be reached

For the protection of your organization and your organization’s Celigo account, you will be contacted by the MFA-Reset Team for identity verification. During this call, be prepared to provide at least 2 valid forms of identity such as Driver’s License, Passport, or other government issued identification documents, and a business card or some other evidence of employment with the organization associated with your Celigo account.