Cymmetri Authenticator

The Cymmetri Authenticator is a robust multi-factor authentication (MFA) mechanism. This mechanism enhances digital security by adding an additional layer of authentication to verify user identity, using a time based OTP (TOTP)

The Cymmetri Authenticator uses the Cymmetri Verifier App that generates time-based one-time passwords (TOTPs) that expire after a short time window. Users must enter these constantly changing codes along with their regular passwords to gain access to their accounts, ensuring that even if a malicious actor obtains their password, access remains highly restricted.

The Cymmetri Authenticator App is user-friendly and easy to set up, often by scanning QR codes provided by the service requiring authentication. It's a valuable tool for businesses and individuals looking to protect their sensitive data effectively.

Configuration

For configuring the Cymmetri Authenticator, select the Cymmetri Authenticator (Time based OTP) toggle button and click confirm to setup Cymmetri Authenticator as an MFA option

Next we move to configure the rules for Multi-factor authentication policy for login

Click on the pencil icon to start editing the rule.

To enable this rule click on the pencil icon in the upper box to toggle on this rule.

Change the dropdown of the Cymmetri Authenticator factor to indicate that it is mandatory (required).

The options available for each factor are:

Required: This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional: This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled: This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

An administrator can further customize to whom the rule would be applicable by selecting user(s) or group of users in the "Assigned to" Tab, If the rule is to be applied to all the users then the "All Users" option need to be selected

All subsequent logins of any user on the Cymmetri platform will now require the use of the Cymmetri Authenticator Code.

The user needs to setup the Cymmetri Authenticator, for which the user needs to download the Cymmetri Verifier app. The links below can be used to download the Cymmetri Verifier App on Android or IOS:

Once downloaded we need to scan the QR Code as shown below in the Cymmetri Verifier App and obtain a 6 digit code which needs to be entered in the space provided below and verify the user login.

Once successfully verified the user is redirected to the Dashboard

Cymmetri also allow you to customize the Cymmetri Authenticator parameters using the Configuration section. Here you may configure the values as shown below:

OTP Type: Select the OTP Type to be implemented.Time Based is the default value here.

OTP Hash Algorithm: Select the appropriate cryptographic algorithm to generate the OTP. Default option is HmacSHA1.

Number of Digits: The length of the generated OTPs, which can be 6-9 numbers. The default is 6.

OTP Token Period: This number determines how long a one-time password is active before the next one-time password generates. The default is 30 seconds.

Look Ahead Window: The Look Ahead Window considers any possible synchronization delay between the server and the client that generates the one-time password. Default value is 2. The look ahead window can also be set to 0 which means that only the current TOTP can be used.

Note: Whenever the lookahead window value is changed, existing users need to remove there existing configuration and re-register for the changed lookaheadwindow value to be applicable

Supported Applications: Two-Factor Authentication apps that can be used by users to secure their Cymmetri IAM accounts.