Sign In With Multi-Factor Authentication (MFA)

Administrators can bolster their security by enabling multi-factor authentication (MFA) for users logging in to OPEN DISCOVERY. Once enabled, users are required to use a secondary device (such as a mobile phone) to confirm their identity when attempting to sign in to OPEN DISCOVERY. An authentication app, which the user can download onto their secondary device, provides a time-based, one time passcode (TOTP) that the user can input when logging in to OPEN DISCOVERY.

Common authentication apps available for download include: Google Authenticator, Microsoft Authenticator, FreeOTP, Authy, and Protectimus Smart OTP.

For answers to common questions related to multi-factor authentication, see FAQ: Single Sign-on and Multi-Factor Authentication.

Note: Multi-Factor Authentication and Two-Factor Authentication are used interchangeably in this topic.

Enable Multi-Factor Authentication

Administrators can enable multi-factor authentication in the System Manager. After signing in to OPEN DISCOVERY with administrator credentials, follow the steps below to enable multi-factor authentication:

Note: Before enabling multi-factor authentication, your server should be synced to an NTP server. This ensures consistency between OPEN DISCOVERY and the authentication app.

  1. Click the Settings icon in the top-right corner of the screen. The Settings icon is a global button that displays in every module of the OPEN DISCOVERY platform.
  2. The System Manager opens. In the left pane of the System Manager, click Security Settings.

  1. Click the slider next to Two Factor Authentication to enable this feature.

Sign in with Multi-Factor Authentication

Once multi-factor authentication has been enabled, users must synchronize an authentication app on a secondary device (such as a mobile phone) with their OPEN DISCOVERY account in order to log in. Users can accomplish this by following the steps in this section:

  1. Download an authentication app to a mobile phone or other secondary device. There are many authentication apps available for download, such as Google Authenticator and Microsoft Authenticator. The only requirement for the authentication app is that it uses a time-based, one-time passcode.

  2. The first time you sign in to OPEN DISCOVERY after multi-factor authentication has been enabled, a screen appears with instructions on how to synchronize your authentication app with your OPEN DISCOVERY account. This screen displays both a QR code and a secret key. To initiate the synchronization, either scan the QR code on this screen using your authentication app, or input the secret key where prompted in your authentication app.
  3. Your app generates a 6-digit verification code. Input this code into the Verification Code field on the OPEN DISCOVERY screen. Each code is valid for 90 seconds. Once the 90 second window has elapsed, a new code must be used instead.
  4. Click Verify. If valid, the authentication app is successfully configured and OPEN DISCOVERY signs in.

    Note: If invalid, wait for a new code to generate in your app. Input the new code, ensuring that all digits are correct and that you click Verify before the code becomes invalid. If still unable to sign in, contact an Administrator for assistance.

  5. For all subsequent logins, after inputting your user credentials on the OPEN DISCOVERY login screen, a Two-Factor Authentication screen displays. Open your authentication app to access the latest verification code. Then input this code into the Verification Code field on the Two-Factor Authentication screen. Click Verify to log in.

 

Related Topics

FAQ: Single Sign-on and Multi-Factor Authentication

Configure Single Sign-on (SSO)