What is Multi-Factor Authentication?
Multi-Factor Authentication, or MFA, is a verification process of two or more steps in which a user is granted access to an application only after presenting two separate sets of credentials. In the case of BoomerangFX, these are an email/password combination and a verification code sent to the user’s mobile phone.
Why do we need Multi-Factor Authentication?
MFA is necessary to help reduce security risks from cyberattacks. A password, on its own, may be vulnerable to hackers. With a secondary authentication step, sent to your personal device, we have assurance that the person logging in is the true user and not someone else.
How does the login process work?
The first step is the login screen. Enter your username and password as normal.
In the second step, a verification code is sent to your mobile device. Enter your code into the Verify Code box and press the Verify Code button.
Once verified, you will be directed to the Manager’s Dashboard.
What happens if a User fails Multi-Factor Authentication?
A user has 5 attempts to log in successfully. After the fifth attempt, the user’s account is locked until the MFA Manager (typically your clinic manager) unlocks the account for them.
How do we enable Multi-Factor Authentication for our system?
By default, MFA is enabled in BoomerangFX. MFA administration for all individual users will be maintained by a designated MFA Manager.
To designate an MFA Manager, click on Clinic Setup from the side menu.
In Setup, select Staff Members from the Go To Setup Section Drop-down list.
In the Staff Member List, find the User, and go to their Staff Member Details by pressing View.
In Staff Member Details, press the Edit button.
In the Edit screen, scroll down to the Capabilities section, add a check to the Manage MFA option (1), and press Save Changes (2).
How do we enable Multi-Factor Authentication for a user?
To enable a user’s MFA, click on Clinic Setup from the side menu.
In Setup, select Multi Factor Authentication from the Go To Setup Section Drop-down list.
Select the user from the Select Staff Drop-down list (1). Only Active users without MFA will appear in this list.
Then add the Primary Phone number (2) using the format + (Country Code) (Area Code) (Phone Number), without spaces or dashes, and press Save (3). For example, in Canada and the US the phone number will appear as +18885551234.
The user will now appear in the MFA list with a Primary Phone number.
How do we update the Primary Phone number or unlock a user’s account?
To update the Primary Phone number, press the Edit icon next to the user’s name.
You can now edit the Primary Phone number (1) or unlock the user by unchecking the Locked checkbox (2). To save your changes, press the Save icon (3). To cancel changes, press the Cancel icon (4).
What is the Backup Phone No.?
The Backup or Secondary Phone Number is a second number that can be selected to receive the verification code if the Primary Phone number is unavailable (e.g., the phone was forgotten at home or is damaged). Typically, this number will be that of the MFA Manager.
Please be aware that a Primary Phone Number is still required for MFA.
To add or update the Backup Phone Number, scroll down to the bottom of the screen, enter the Backup Phone Number in the text box and press Save Backup NO.