Multifactor Authentication (MFA)

Multi-factor Authentication is a mechanism used across the Cymmetri Identity platform to deal with a second level authentication.

Typically employed using off-band mechanisms, Cymmetri allows flexibility by introducing both modern mechanisms, such as -

1. Time based OTP (through Cymmetri Authenticator mobile application)

2. Time based OTP (through Google Authenticator and other mobile application)

3. Push based Notification (through Cymmetri Authenticator mobile application)

4. SMS OTP

5. Email OTP

In this document, we will go through setting up the Multi-factor authentication options on the Cymmetri Identity Platform, and run through the setup of Multi-factor authentication options and their usage for the login scenario.

Setting up Multi-factor Authentication for the tenant

1. Access Multi-factor authentication by going to Products menu > Multifactor authentication product

2. Next, we select factors sub-menu

3. We now select the Cymmetri Authenticator (Time based OTP) toggle and click confirm to setup Cymmetri Authenticator as an MFA option

4. Similarly we toggle on the Push Notification and SMS Authenticator (OTP) options

5. Next we select the configuration sub-menu to configure the OTP options, here we will enable the Email OTP option by toggling it on.

6. Next we move to configure the rules for Multi-factor authentication policy for login

7. Click on the pencil icon to start editing the policy and change the dropdown of all factors to indicate that they are mandatory (required).

Let us talk about the options available for each factor -

Required - This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional - This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled - This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

8. Now click on the pencil icon in the upper box to toggle on this rule.

9. All subsequent logins of any user on the Cymmetri Identity platform will now require the use of mandatory MFA for one of these factors.

End user configuring Multi-factor authentication

Please download the Cymmetri Authenticator App from

1. Google Play Store - https://play.google.com/store/apps/details?id=com.unotech.cymmetri&hl=en_IN&gl=US 2. iOS App Store - https://apps.apple.com/in/app/cymmetri-authenticator/id1535591771

1. Since all the multi-factor authentication options are made mandatory (required), the user is prompted to set up their Cymmetri Authenticator first.

2. Clicking on the icon shown below will prompt the setup of the Authenticator app

3. User may download the Cymmetri Authenticator app from Play Store or App Store and then scan the authorization QR code to setup the time-based OTP and enter the OTP received on the mobile app onto the UI.

4. Next, we are prompted to setup Push Authenticator as a multi-factor authentication option.

5. Similarly scanning the QR code received from the previous step after clicking "Push Authentication" link, will show the mobile characteristics on which the QR code is scanned from the Cymmetri Authenticator app.

End user using multi-factor authentication for logging onto the Cymmetri Platform

1. Upon entering their username and password, the user is prompted to perform multi-factor authentication

2. Choosing Cymmetri Authenticator will prompt the user to enter the six-digit OTP they have received on their Cymmetri Authenticator App

3. Choosing Push Authenticator will prompt the user via a push notification on their mobile device with the Cymmetri Authenticator app installed to accept/reject login request.

4. Finally, choosing SMS Authenticator will send an OTP on the user's registered mobile number and their e-mail Address since we have enabled "Receive OTP on email" toggle button.