Critical Safeguard
Multi-factor authentication (MFA) is essential because it adds a critical second layer of security, blocking over 99% of account takeover attacks even if your password is stolen. By requiring a combination of something you know (a password) and something you have (a phone or token), it stops unauthorized access, protects against credential stuffing, and secures sensitive personal or corporate data.
Bi4Cloud supports MFA, and in the Organisation screen you can set MFA ON for your organisation.
Mandatory for Xero
If you have a Xero file connected to your organisation, Xero requires you to have MFA on, and you will see this message. For Xero, Multi-Factor Authentication is mandatory.
The reason MFA is required is data sensitivity. Bi4Cloud have passed Xero's Security Assessment and are on the Advanced Developer tier.
This allows access to sensitive data such as the Journal endpoint, which can include payroll journals and bank transactions. Bi4Cloud users who have not had user restrictions set may be able to see this data, so their authentication must not be compromised; accordingly, they must use multi-factor authentication.
Even if you don't use Xero, it's a really good idea for your users to authenticate with MFA to keep your information safe.
Managing Multi-Factor Authentication
Turn MFA on by going to the Organisation screen and setting the following fields:
- Use MFA for Bi4Cloud User Account? Set ON
  - This enables MFA for your organisation.
- Use MFA for New Bi4Cloud User Accounts? Set ON
  - When a new user is created, they will set up their password, and when they first log in they will set up MFA in an authenticator app.
Existing users can be disrupted if they do not know they need MFA, so for them go to their User Profile and set Require Multifactor Verification ON. On their next login they will set up MFA in an authenticator app. This enables a smooth transition for your existing users.
- Go to User Admin and see who has MFA enabled.
- Click Edit.
- In Update User, click Options > Manage Multifactor Verification.
- A pop-up window reveals the slider; slide Require Multifactor Verification on.
- The second slider is used if the user loses the authenticator app; it resets MFA so the user can set it up again.
The next steps are in the hands of your user. A user will now set up their password, and when they try to log in they will be asked to scan a QR code or enter the MFA seed key.
These steps are laid out in the article User actions for MFA setup, which you should share with your users to guide them in securing their login.