Overview

Multi-factor Authentication (MFA)

Multi-factor authentication (MFA) is a security measure that requires users to verify their identity through multiple authentication factors. This adds an extra layer of security to protect sensitive information and data from being accessed by unauthorized individuals.

MFA works by requiring users to provide at least two different types of authentication factors before they can access their account or complete a transaction. These authentication factors can include something the user knows, such as a password or PIN, something the user has, such as a smartphone or smart card, or something the user is, such as a fingerprint or facial recognition.

By requiring multiple factors of authentication, MFA significantly reduces the risk of unauthorized access, as an attacker would need to obtain not just one, but multiple forms of authentication. In addition, many MFA systems also provide additional security features, such as the ability to track login attempts and alert users to suspicious activity.

MFA is becoming increasingly popular as a security measure in many industries and is also recommended by security experts as a best practice for individuals to protect their personal online accounts.

When using a system that requires MFA, users should be prepared to provide the necessary authentication factors each time they log in and should also be aware of the security risks associated with MFA and take steps to protect their authentication factors, such as keeping their devices and passwords secure..

Meshed Platform

The Meshed Platform login process can be enhanced by enabling Multi-factor Authentication (MFA).  

Meshed Platform Multi-factor authentication (MFA) functionality overview:

• MFA is enabled or disabled systemwide.
• Only SAdmin Users can configure MFA.
• Only SAdmin Users can enable or disable MFA for Users (Staff, Students, Teachers, Agents)
• Only SAdmin Users can manage MFA for enabled Users
• Uses a 6 digit One Time Passcode (OTP) for logging in. 
• User OTP is provided via email. The User email address is used for sending the User OTP. 
• The OTP is a unique password that expires and can only be used once, as the name suggests.
• User can resend a new OTP.
• User logging in is only successful with a valid OTP. 

By default the Meshed Platform Multi-factor Authentication functionality is disabled.

Configuration and Management

Feature Access

Only SAdmin Users have access to the Admin > Configuration and Setup > Multi-Factor Authentication menu tab. 

This menu tab displays the MFA Configuration and Management functionality.

Configuration

Navigate to the 1. MFA Configuration tab.

By default, MFA is disabled in a Meshed Platform until it has enabled by a ‘SAdmin’ User.  

MFA is enabled by selecting Enabled.

When MFA is Enabled the additional configuration fields are displayed.

Currently the User OTP is provided via email only. The User email address is used for sending the User OTP. 

MFA can be applied individually to the following User roles:

• Staff
• Student
• Teacher
• Agent

Click Setup to save the changes.

The MFA configuration History is displayed.

Manage Users

Navigate to the 2. View Enabled MFA Users tab.

Search to view the list of Users and the OTP status of each User.

Expired OTP codes can be re-generated by clicking on Gen New Code.

User Login

When a MFP enabled User successfully logs in to the Meshed Platform with their correct Username and Password a 6-digit OTP is generated and sent to the User email.

The User enters the generated OTP to authenticate their log in.

If the correct OTP is entered and verified, the User will be logged in to the Platform.

If an invalid or expired OTP is entered an error message is displayed.

Users can request a new OTP by clicking Send New Code. The system will generate a new OTP and send it to the User’s email.