LogoLogo
Archive
Archive
  • Introduction to Cymmetri Cloud 2.0
    • FAQ
      • Adding the Application
      • Supported Web Browsers
      • Forgot Password & Unlock Account
      • Cymmetri Error codes
      • Help
  • Getting Started with Cymmetri Cloud 2.0
    • What is Cymmetri?
    • Starting your Cymmetri Cloud 2.0 Trial
    • Accessing Cymmetri Cloud
    • First Time User Registration
    • Logging in as an end user
    • Setting up Multi-factor authentication rules for Login
  • Administration
    • Reports and Analytics
  • My Workspace
    • Getting Started
      • Introduction
      • Login with External Identity Provider - Social logins
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • Session Management
  • Application Management
    • FAQ
      • Support for Application Management
    • Getting Started
      • Introduction to Application Management
      • Adding Applications to be managed by Cymmetri
      • Assigning Applications to End Users
      • Configuring Connector Server
    • SSO How to
      • Configure Single Sign On
      • Configure SAML 2.0 Single Sign On
      • Configure API SSO
      • Configure OpenID Connect based Single SignOn
    • Provisioning How to
      • Azure Provisioning
      • Active Directory (AD) Provisioning
      • Google Apps (Workspace) Provisioning
      • LDAP Provisioning
      • Powershell Provisioning
      • REST Connector Provisioning
      • SCIM v2.0 Provisioning with Basic Authentication
      • SCIM 2.0 with Bearer Authentication
      • SCIM 2.0 with Fixed Bearer
      • Github Provisioning
    • Reconciliation How to
      • Configuring Reconciliation Process
  • Managing Users and Groups
    • Setting up Users and Groups
      • Create Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Setting up permissions for Delegation
  • Common Features
    • Features used throughout the Cymmetri Platform
      • Workflow Management
      • Configuring Webhooks
      • Multifactor Authentication (MFA)
  • Personalization
    • How to configure your tenant and personalize it
      • Adding new admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Add Branding to your tenant
      • Adding Custom Attributes for User Object
  • Authentication
    • Identity Federation
      • Steps to Configure Azure AD as External IDP for Cymmetri
  • Governance
    • Access Certification
      • Setting up and managing Access Reviews
  • Additional Tools
    • Miscellanous Tools and Utilities
      • Password Filter
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
Powered by GitBook

Cymmetri.com

On this page

Was this helpful?

Export as PDF
  1. Getting Started with Cymmetri Cloud 2.0

Setting up Multi-factor authentication rules for Login

Last updated 1 year ago

Was this helpful?

Cymmetri Identity platform supports login using multi-factor authentication options as -

  1. a second factor of authentication for the password-based login process.

  2. a method of authentication for the password-less login flow. 

The following steps indicate how to set up multi-factor authentication options in your Cymmetri Identity platform instance for both flows

Cymmetri allows flexibility by introducing both modern mechanisms, such as -

1. Time based OTP (through Cymmetri Authenticator mobile application)

2. Time based OTP (through Google Authenticator and other mobile application)

3. Push based Notification (through Cymmetri Authenticator mobile application)

4. SMS OTP

5. Email OTP

In this document, we will go through setting up the Multi-factor authentication options on the Cymmetri Identity Platform, and run through the setup of Multi-factor authentication options and their usage for the login scenario.

Setting up Multi-factor Authentication for the tenant

1. Access Multi-factor authentication by going to Products menu > Multifactor authentication product

2. Next, we select factors sub-menu

3. We now select the Cymmetri Authenticator (Time based OTP) toggle and click confirm to setup Cymmetri Authenticator as an MFA option

4. Similarly we toggle on the Push Notification and SMS Authenticator (OTP) options

5. Next we select the configuration sub-menu to configure the OTP options, here we will enable the Email OTP option by toggling it on.

6. Next we move to configure the rules for Multi-factor authentication policy for login

7. Click on the pencil icon to start editing the policy and change the dropdown of all factors to indicate that they are mandatory (required).

Let us talk about the options available for each factor -

Required - This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional - This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled - This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

8. Now click on the pencil icon in the upper box to toggle on this rule.

9. All subsequent logins of any user on the Cymmetri Identity platform will now require the use of mandatory MFA for one of these factors.

The following steps indicate how to set up for Password-less login

As an organization or domain administrator, click on the products menu on the left-hand side, and then click on the passwordless button to start configuring password-less authentication option.

Click on the toggle button on the top to enable the password-less login option for the end-users logging into the Cymmetri Identity platform tenant.

Further, as an administrator you may turn on/off the toggle switches to allow/block the end-user from using a particular multi-factor authentication option during password-less login.

  1. TOTP Based - refers to the Cymmetri Authenticator option as indicated earlier in the document.

  2. OTP Based - refers to the SMS Authenticator option as indicated earlier in the document.

  3. Consent Based - refers to the Push Authenticator option as indicated earlier in the document.