Multi-Factor Authentication (formerly 2FA or Two-Factor Authentication) means you need an additional piece of information, such as a one-time use code, in addition to your username and password to log in. It greatly enhances the security of your account. We follow industry best practices for MFA.
Multi-Factor Authentication is required for all Syncro User accounts. Security is an important core aspect of operating an MSP. Managed Service Providers are contracted by their clients to deploy and maintain their systems so that the client can focus on their business making money. It's important that Syncro has the same security commitment to the Users that are operating on our platform as well. While we have always had the option to enable Multi-Factor Authentication, we feel that the MFA requirement across all accounts as a default behavior helps to ensure businesses stay secure.
What it Does
- Secures your account by requiring the code from an authentication app.
- Allows for recovery using offline recovery codes and/or an SMS recovery code.
- Periodically requires a new code for each browser session (default is every 30 days).
What it Doesn't Do
- Save your passwords or other credentials.
- Generate passwords. We highly recommend the use of strong passwords and/or the use of password managers like LastPass.
Enable MFA on your account
New User accounts will be automatically prompted on first login to configure MFA, starting at step 4 below.
1. In the upper right, click your name.
2. In the dropdown menu, click Profile/Password.
3. Scroll down and click the Enable Multi-factor authentication button and click OK to confirm.
4. On the MFA screen, click Setup MFA and Access Your Account.
5. Follow the instructions to download and install an MFA app if you don't have one already.
6. Open the MFA app (such as Google Authenticator or Authy) on your smartphone.
7. Scan the QR code to add the account to your smartphone.
8. In the Code field in Syncro, enter the Code shown in your authenticator app.
9. Click Enable Multi-factor Authentication.
10. You may get a screen asking you to enter a Multi-factor Code again. Check your authenticator app in case the code changed, enter the code, and click Verify.
11. MFA is now enabled. Click Download Recovery Codes and store the codes somewhere very safe. You cannot access your account without these if you lose access to the authenticator profile you just added.
12. After saving the codes, click Next.
13. You should also set up a mobile recovery option. Enter your mobile number and click Confirm Recovery Mobile.
14. Enter the code you receive on your mobile phone.
15. Click Confirm.
Now you are done setting yourself up.
Enforce MFA on all accounts
MFA is automatically required for all accounts. When a new user logs in for the first time, they will be taken to step 4 above.
You can see who has yet to enable MFA either in Admin > Users or with the steps below.
- Navigate to Admin > App Center.
- Scroll down to the MFA card and click Multi-factor Authentication.
Change time setting to reauthorize MFA
All users under your account will be prompted to re-enter an MFA code every 30 days, on all devices and browsers, by default. You can make this more frequent as follows.
- Navigate to Admin > Employees - Preferences.
- Click the MFA Time Setting dropdown and select the desired timeframe, from 1 hour to 30 days.
- Click Save.
Once that time setting elapses for a user, they will need to enter an MFA code from their authenticator app, regardless of their activity or inactivity. Even if users leave browser tabs open with sessions running, our system checks on every web request.
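The absolute window described above, sketched as an added example (this is not Syncro's code). The session fields `mfa_verified_at` and `last_seen` and all function names are assumptions; the sliding idle check is included only to contrast with the behavior the page describes.

```python
from datetime import datetime, timedelta, timezone

MIN_WINDOW = timedelta(hours=1)   # shortest setting named on the page
MAX_WINDOW = timedelta(days=30)   # longest setting, also the default


def mfa_required(session, now, window=MAX_WINDOW):
    """Absolute check: time since the last MFA verification, activity ignored."""
    if not MIN_WINDOW <= window <= MAX_WINDOW:
        raise ValueError("window must be between 1 hour and 30 days")
    verified_at = session.get("mfa_verified_at")
    # Fail closed on a missing or future timestamp.
    if verified_at is None or verified_at > now:
        return True
    return now - verified_at >= window


def idle_expired(session, now, window):
    """Sliding check, for contrast only: every request pushes the deadline out."""
    last_seen = session.get("last_seen")
    return last_seen is None or now - last_seen >= window


def handle_request(session, now, window=MAX_WINDOW):
    """Hypothetical per-request hook; returns what the request should get."""
    if mfa_required(session, now, window):
        return "mfa_prompt"
    session["last_seen"] = now  # recorded, but never extends the MFA window
    return "ok"


def simulate(window, step, count):
    """Constructed session: verify MFA at t0, then send a request every `step`."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    session = {"mfa_verified_at": t0, "last_seen": t0}
    results = []
    for i in range(1, count + 1):
        now = t0 + i * step
        sliding = idle_expired(session, now, window)  # before last_seen updates
        results.append((handle_request(session, now, window), sliding))
    return results


if __name__ == "__main__":
    for outcome in simulate(timedelta(hours=1), timedelta(minutes=20), 4):
        print(outcome)
```

With a 1-hour setting and a request every 20 minutes, the third request gets the MFA prompt even though the session was never idle, while the sliding check would have let it continue indefinitely.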
If someone gets locked out, an admin on your account can "unlock" a user account, but without recovery codes or recovery SMS, a user account cannot be unlocked.