- Note: Other Multi-Factor Authentication settings are available.  Visit that page for more information.

Basic Description

As a default, Prime 16 Web provides the ability to use email in a Multi-Factor Authentication (MFA) setup. This expansion allows your organization to allow users to set up and start using Google Authenticator as part of your Multi-Factor Authentication.

All parts of the login experience, including Multi-Factor Authentication may be controlled from easy-to-use administration forms within Prime.

Multi-Factor Authentication Setup

From within Prime 16 Web, navigate to Administration --> Logon and Multi-Factor Authentication (MFA) --> Logon Settings

The Logon Settings allows you to set a number of options for your users:

To allow your users to use Google Authenticator, check the box next to: Enable Google Authenticator MFA

Login With MFA

Step 1 - ConvergeOne Login

The first step in logging in is to verify that you are a authorized user with ConvergeOne. Input your ConvergeOne user name. This is typically in the format of <firstname>.<lastname>, but may vary if another user has the same first and last name.

Step 2 - Staff Number, Password, Email Address(?)

Step 2 will vary, depending on the setup in the system. If the system is set to require the email address be entered, all three items are shown:

If the system is set not to require the email address, only staff number and password are shown:

Enter the required pieces of information and press Log In

Step 3 - Choose your MFA Method

If MFA is not required (i.e., email, text, and phone call MFA are not checked), this step is avoided, as is the MFA Authentication in Step 4.

If only one type of MFA is allowed (e.g., only email is checked), then it is automatically chosen and the user moves directly to Step 4.

If more than one type of MFA is allowed, the user may choose the method of MFA Authentication. For each type, the system shows a partial snapshot of where the authentication message will be sent:

To log on using your Google Authenticator app code, choose Use Google Authenticator by clicking on the circle next to it, and press Send Authentication Code / Proceed.

Step 4 - Enter Authentication Code

Enter the code from your Google Authenticator app. When entered, press Enter Code.

Setup

For organization administrators, to enable users to use Google Authenticator within Multi-Factor login, you need merely enable it in the Administration page. Thereafter, uses can hold their mouse over the Administration option in the menu and select Setup Google Authenticator. After running through a series of confirmation screens, a QR code is displayed. Users can use the Google Authenticator app on their cell phone to capture that to setup and verify their settings. Thereafter, they can use the Google Authenticator to log on to the system.

If you want to reset a user's Google Authenticator settings, go to the Staff screen in Preferences. Use the Clear button to clear the current settings. You can, if you desire, also use the Generate button to create a new secret key. Clearing or generating a new setting here will stop the prior setup from working for that user. They will, thereafter, have to go back through the process above.