Multi Factor Authentication

Ian Alexander
  • Updated
Follow

 Multi Factor Authentication (MFA) (formerly 2FA or Two Factor Authentication)

 

Multi-Factor Authentication is required for all Syncro User accounts.

Security is an important core aspect of operating an MSP. Managed Service Providers are contracted by their clients to deploy and maintain their systems so that the client can focus on their business making money. It's important that Syncro has the same security commitment to the Users that are operating on our platform as well. While we have always had the option to enable Multi-Factor Authentication, we feel that the MFA requirement  across all accounts as a default behavior helps to ensure businesses stay secure.

What it Does

  • Secures your account by requiring a code from an authentication app to secure your account.
  • Allows for recovery using offline recovery codes and/or SMS recovery code
  • Allow you to set the length that sessions are valid (default is 30 days)

What it Doesn't Do

  • Save your passwords or other credentials
  • Doesn't generate passwords. Seriously, we highly recommend the use of strong passwords and/or the use of Password Managers like LastPass.

 

Table of Contents
MFA Time Setting in Employee Preferences

 

Tour

We have tested and verified that both Google Authenticator and Authy function well in Syncro.

New User accounts will be automatically prompted on first login to configure MFA with similar steps to the below manual configuration process.

Manual Configuration

You can first set up MFA yourself by visiting the "Profile/Password" page. Then scroll down and enable it.



You will be in a wizard, and it won't be turned on unless you successfully enter one code.


Now open the Google Authenticator (or similar/compatible app) from your smart phone and scan the QR code to add the account to your smartphone.



Great! Now it's enabled. Now you should download some one-time-use recovery codes and put them somewhere very safe. You can access your account with these if you lose access to that Authenticator Profile you just added



Now you should really also setup recovery SMS

 

Reminder: Store your backup codes somewhere safe!



Now you are really done setting yourself up. If you want, you can force everyone in your company to do this. WARNING: Once you enable it, they are immediately forced into this setup wizard so time it when everyone is ready to set it up or you might lock people out.

If you navigate to Admin > App Center > Multi-Factor Authentication you will see a list of Users with MFA configured and those who are not configured currently.


Reminder: Store your backup codes somewhere safe!
 
 
MFA Time Setting in Employee Preferences
You can choose from a selection of times to decide how long before the system asks you for a MFA code on the same machine and IP/locale. To do that head to Admin > Employee Preferences > "MFA Time Setting"
 
 

Troubleshooting

If someone gets locked out, an admin on your account can "unlock" a user account, but without recovery codes or recovery SMS a user account cannot be unlocked.

 

Keywords: Multi Factor Authentication, Multi-Factor Authentication, MFA, Two Factor Authentication, Two-Factor Authentication, 2FA, 2 Factor Authentication

Related articles