Multi-Factor Authentication (MFA)

MFA


Multi-Factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as GVO. 

Rather than just asking for a username and password, MFA requires an additional verification factor, which decreases the likelihood of a successful cyber attack. 

GVO allows for the following levels of MFA to be set up to allow local flexibility....

MFA Options for GVO


The main level of additional authentication required is via an Authentication App on your smart device (such as Google Authenticator or Authy or Microsoft Authenticator or use the in-built Authenticator in Apple device under Passwords) - these can be download free from the relevant App store for your smart device, this may be a smart phone or a tablet/iPad.

If MFA is enabled on your GVO then the set up of MFA for a user is a two step process - registration (done just once) and login authentication (at a frequency determined by your local GVO manager - any frequency from daily to monthly).

NOTE: If a user (active or inactive) has access to more than 5 GVOs then MFA is ALWAYS required and 'Trusted Device' is not available - this is an additional security measure.

Devices (Smartphone, Tablet, iPad, Laptop, PC) can be set as 'Trusted Devices' which reduces the number of times login authentications are required (see above - not available if the user has access to more than 5 GVOs).

NOTE: For users that do not have a smart device there is an option to be set up to receive email one-time passcodes (OTP) as a backup. This can be arranged by your local GVO Manager.

Here are links to the key steps to set up and use MFA (for users) and managing the MFA set-up in a GVO (for GVO Managers).

  1. Authentication Apps
  2. MFA Registration (one-time)
  3. MFA Login (periodically)
  4. Trusted Devices
  5. MFA Master settings (GVO Manager)
  6. Self-Managing User MFA settings (Users)
  7. Managing User MFA Settings (GVO Manager)
  8. Users with accounts in more than one GVO
  9. MFA Implementation Plan (Managers)
  10. MFA - setting a user to use email access codes (Manager Only)
  11. MFA - moving to a new device (eg phone, tablet)


To set-up MFA the user must Register the MFA via the Authenticator and then generate an MFA Login code via the authenticator (the frequency this is needed is defined via the 'trusted device' settings). The instructions for Registration and Login are detailed in the links above.

In order to see the MFA status of users in a GVO go to Users, Boards & Reporting and select 'User Reporting' - if MFA is switched on in the GVO (optional, suggested or required) there will be an extra column showing MFA status for each user (none, MFA by App, MFA by email).

MFA status

If you have any questions about setting up and using MFA in GVO please contact the GVO Support desk on 01273 920166 or support@thegvoffice.com