How to enable and manage multi factor authentication (MFA) on Firefish.
Firefish give you the option for additional security when accessing the system by enabling multi-factor authentication.
What is multi-factor authentication (MFA) ?
Multi-factor authentication (MFA) is a method that grants a user access to a system or application only after presenting 2 pieces of evidence specific and unique to that user. For Firefish, this consists of an email address and password with the addition of a 6 digit authentication code. This code is generated in an Authenticator App that has been downloaded to a mobile device.
To use MFA you will need to download an Authenticator app to a mobile device as you will need this to generate your 6 digit code whenever logging in.
Firefish MFA supports the two most widely available and free to download Authenticator apps:
These can be downloaded via your preferred app download method.
Enforcing MFA for all users
As a super user you can choose to enforce MFA for all users (MFA doesn't apply to the candidate or employer portals).
To enforce MFA for all users, go to Settings>System Configuration>Security. Scroll down to the section titled Enhanced Security and you will see the setting labelled Enforce Multi Factor Authentication. Click the red slider to turn it green and click Save. MFA is now enforced for all users.
After this has been enforced, the next time each user attempts to login to Firefish they will be presented with the following pop out after entering their correct email address and password:
The user will need to scan the QR code using an Authenticator app to authenticate and generate a 6 digit code. they will then enter this code into the field below the QR code before clicking Login.
They are now configured for MFA and will be presented with an MFA challenge each subsequent time that they login to Firefish or until the setting is disabled.
Note: If your an Enterprise user, MFA can be enforced from your primary site only and will apply to all sites
Enabling MFA as an individual user
You can choose to enable MFA as an individual user, but only if MFA has not been enforced for all users.
To enable MFA as an individual user, you'll first need to go to My Account which can be found by clicking your name in the top right-hand corner of your system
You'll see a section with the heading Multi Factor Authentication. Clicking the red slider will enable the setting, turning it green and displaying a QR code
You will need to scan this QR code using your Authenticator App to authenticate and generate your 6 digit code. Enter this code into the field below the QR code and click Save.
You're now configured for MFA and you'll see the MFA challenge next time that you login to Firefish or until you disable this setting.
Note: If MFA has been enforced for all users you will not have the option to disable the setting.
Finally if you ever need to reset your Authenticator App, for example, if you change mobile devices you can do this easily here.
Simply click the Reset button to display a new QR code, then follow the above steps to re-configure your MFA.
Logging in with MFA enabled
Once your configured for MFA you'll be presented with an MFA challenge after entering your email address and password, each time that you login to Firefish
You'll need to enter a new code each time you login and this will be automatically generated in your Authenticator app.
If you can't access your Authenticator app then you can click Having trouble? Email code and you'll receive a 6 digit code via email. This code will be valid for 60 minutes. You can edit the content of the template for this email by going to Settings>System Configuration>Email Templates and selecting System from the Module drop down; you'll see the template listed as Multi Factor Authentication - Email Code.
If you have MFA configured, but don't want to be presented with the MFA challenge for a period of time, you can click the checkbox for Remember me for 30 days - you won't see the MFA challenge again for this period of time.
Finally, if you ever forget your Firefish password and have to request a temporary password, you'll still be presented with an MFA challenge before you can login to the system.