Articles in this section

Set up multifactor authentication (MFA) for your account

Tom Santiago
Updated

Multifactor authentication (MFA) is an authentication method that requires a user to provide two or more credentials that serve as proof of identity before gaining access to an account. These credentials can be categorized as:

  • Something you know: a password
  • Something you have: a mobile device
  • Something you are: fingerprint, face, retina, or other biometric identifier

For example, one of the most common MFA implementations is:

  1. The user navigates to the integrator.io sign-in page via a desktop browser.
  2. The user enters a username and password.
  3. The user is then prompted to enter a one-time code sent to an authenticator app installed on an authentication device (typically a smartphone).
  4. The user enters the six-digit code from an authentication device into the browser instance.
  5. The user is granted access to the application.

In such implementations, the username and password step operates as "something you know," and the authentication device that receives the code operates as "something you have." This protocol provides a high level of security because it is unlikely that an unauthorized user would be able to steal someone's username and password AND the user's authentication device.

Enable MFA for your account

  1. Sign into the account.
  2. Click the avatar icon in the upper right corner of integrator.io, then click Security
  3. The Security tab opens.
  4. Click Multifactor authentication (MFA) in the left column.
    MFA.png
  5. Click the Enable MFA switch to enable multifactor authentication for your account. 
    EnableMFAforAccount.png

Configure MFA account settings

The Account settings section allows you to apply optional settings for all MFA users.

MFAAccountSettings.png

Do not allow trusted devices: Check this box to remove the ability for users to add trusted devices. Allowing users to add their own computer/browser to the trusted device list eliminates the need for them to enter their six-digit authentication code every time they sign in from the computer and browser they commonly use. If checked, MFA users can’t add trusted devices and must enter the six-digit code from their authentication device every time they sign in regardless of which device they use.

Number of days until MFA is required again for trusted devices: If left blank, MFA users who sign in from trusted devices are only required to enter their six-digit authentication code after 90 days of inactivity from the trusted device. To extend or reduce the default, enter the number of days of inactivity before re-authentication is required.

Using MFA with SSO

You can't configure integrator.io to use both MFA and SSO simultaneously to sign in to your account. If your organization uses SSO, we recommend that you set up MFA with your SSO provider. 

Get verification app

You can use any authentication provider that supports time-based one-time passwords (TOTP). Common authenticator apps include:

Add integrator.io 

After you have chosen your authenticator app and installed in on your mobile device, you must add integrator.io to the list of platforms that can use the authentication service. Each authenticator app has its own process for adding a platform to the authentication list, so consult the setup instructions provided by your chosen authenticator app.

Connect integrator.io to your authenticator app with QR code

Most authenticator apps allow you to use the camera on your device to scan a QR code. Follow the instructions from your authenticator app to add a platform to your authentication list with a QR code.

  1. Click View QR code.
    ViewQRCodePasswordPrompt.png
  2. Enter your integrator.io account password, and click View code. The QR code displays.
  3. Scan the QR code with your device, and the authenticator app will display Celigo (your-email-address@your-organization.com) in the authentication list. The entry also displays a temporary six-digit code that changes every few seconds.
  4. Once the authenticator app displays Celigo in the authentication list, enter the currently displayed six-digit code from your authenticator app in the Verify mobile device field, and click Verify.
    Enter6-digitKey.png

    The "Verification successful" message displays if the code you entered is correct.

    Trust device: A trusted device is the computer and browser you use to access integrator.io. If checked, you will only be required to enter a new six-digit code from your authenticator app after 90 days of inactivity. If left unchecked, you must enter the six-digit code from your authenticator app each time you sign in to integrator.io regardless of which computer or browser you use. See Trusted devices vs. authentication devices.

  5. Click Connect to save your MFA settings.

If you navigate away from the MFA configuration page at any point before you click Connect, your settings will not be saved, and you must repeat all steps for enabling MFA on your account. A confirmation screen displays if you decide to navigate your browser away from the MFA configuration page before connecting your mobile device.

cancelMFA.png

Click Cancel to lose your changes and navigate away from the MFA configuration screen.

If your authenticator app is installed on a device that doesn't have a camera that can scan QR codes, you can use the account and secret key to authenticate. Follow the instructions from your authenticator app to add a platform to your authentication list with a secret key.

  1. Click View Account & secret key.
    ConfirmViewSecretKey.png
  2. Enter your integrator.io account password, and click View key. The account and secret key displays.
    VerifySecretKey.png
  3. Enter the displayed account name and secret key in your authenticator app to add integrator.io to the authentication list.
  4. Once the authenticator app displays Celigo in the authentication list, enter the currently displayed six-digit code from your authenticator app in the Verify mobile device field, and click Verify.
    VerifiedSecretKeypng.png

    The "Verification successful" message displays if the code you entered is correct.

    Trust device: A trusted device is the computer and browser you use to access integrator.io. If checked, you will only be required to enter a new six-digit code from your authenticator app after 90 days of inactivity. If left unchecked, you must enter the six-digit code from your authenticator app each time you sign in to integrator.io regardless of which computer or browser you use. See Trusted devices vs. authentication devices.

  5. Click Connect to save your MFA settings.

If you navigate away from the MFA configuration page at any point before you click Connect, your settings will not be saved, and you must repeat all steps for enabling MFA on your account. A confirmation screen displays if you decide to leave the MFA configuration page before connecting your mobile device.

cancelMFA.png

Click Cancel to lose your changes and navigate away from the MFA configuration screen.

Trusted devices vs. authentication devices

A trusted device is both the browser you use (Chrome, Firefox, Safari) AND the computer you are using to sign in to integrator.io. Do not confuse trusted devices and authentication devices.

  • Trusted device - the computer and browser you use to perform tasks in integrator.io
  • Authentication device - a mobile device with an authenticator app installed that displays the six-digit code you use to confirm your identity

If you are accessing integrator.io from your work computer and you always use a specific browser, adding the computer/browser to the trusted device list eliminates the need for you to enter your six-digit authentication code each time you sign in. 

Managing MFA for your account

No further action is required once you have configured MFA for your account, but if you need to change your authentication device or switch to a different authenticator app from the one you originally configured, you can reset your MFA configuration or delete any trusted devices from your account.  

MFAEnabledOptions.png

Reset MFA for your own account

If you want to switch to a different authenticator app or rebuild your configuration settings, click Reset and then click Reset on the confirmation prompt.

ConfirmResetMFA.png

Enter your integrator.io password to confirm you want to reset your MFA settings.

ResetMFAConfirmWithPassword.png

You can then walk through the previous steps to configure your new MFA settings.

Use this account to reset MFA

If you are not an account owner or an administrator, you must select an account owner or administrator who can reset your MFA settings should you lose your authentication device or decide to leave the organization. You can select the account owner or any administrator of the integrator.io account.

ChooseAnAccountResetMFA.png

Reset MFA for another user

If you are the account owner or administrator that has been assigned MFA reset responsibilities for others, use the following steps to reset MFA for another user's integrator.io account.

  1. Sign in to the account.
  2. Click the avatar icon in the upper right corner of integrator.io, then click Users
  3. The Users tab opens.
  4. Click the ellipsis in the Actions column.
    ResetMFAActions.png
  5. Click Reset MFA. The user can then access the account with an email address and password. Instruct the user to immediately reconfigure security settings for the account. 

Add an authentication device

To add a new authentication device, install your chosen authenticator app on the new device and use the QR code or account and secret key to add your account to the authentication list in your authenticator app.

Delete a trusted device

A trusted device is the browser on the computer you use to perform tasks in integrator.io. Use the following steps to delete a trusted device from your account.

  1. Click Manage devices.
    DeleteMFADevice.png
  2. Click the ellipses (...) in the Actions column next to the device you want to delete, and click Delete device.
    ConfirmDeleteMFADevice.png
  3. Click Delete on the confirmation prompt to delete the trusted device from your account.

What if I am an account owner who can’t reset MFA for my own account?

An account administrator can reset your MFA settings if you are an account owner. Use the following steps to reset MFA settings for an account owner.

  1. Sign in to the account.
  2. Click the avatar icon in the upper right corner of integrator.io, then click Users
  3. The Users tab opens.
  4. Click the elipsis in the Actions column for the account owner.
  5. Click Reset MFA.

Verify that no account owner or administrator can reset MFA for your account. If no such account exists, and you have no other options, contact customer support, and be prepared to provide the following information:

  • Your organization’s name
  • The company email address associated with the locked account
  • Availability in the near future for a Zoom meeting
  • A phone number where you can be reached

For the protection of your organization and your organization’s Celigo account, you will be contacted by the MFA-Reset Team for identity verification. During this call, be prepared to provide at least 2 valid forms of identity such as Driver’s License, Passport, or other government issued identification documents, and a business card or some other evidence of employment with the organization associated with your Celigo account.