This article covers the Security tab for User Records. Here, Users can configure the Multi-Factor Authentication (MFA) settings and view MFA Method enrollments for individual Users.
- Note: The Security tab (MFA) is only available as part of the R365 Professional Package. Contact your CSM or Account Executive to learn how MFA can enhance your R365 experience!
When MFA is enabled, all Users have the ability to opt in to MFA for their User Account. Users who opt in to MFA will have the ability to pick any authentication frequency and may opt out at any time.
To meet the security standards of your organization, it may be necessary to force Users with certain access levels to use MFA. Configuring a User Role to require MFA will ensure that any User with that User Role assigned cannot opt out of the authentication process.
The User Role ‘Require MFA per device’ settings will also define the minimum authentication frequency. The ‘Require multi-factor authentication for every’ setting on the User Record can only be set to options more frequent than the User Role minimum.
For more information on configuring MFA by User Role, please refer to the 'Security & Permissions: Authentication' article.
When a User is viewing their own User Record, they will be able to edit their MFA Methods. That User's MFA Methods will be view-only for all other Users. Learn more about editing MFA Methods here.
Security
Users with one the following Permission will be able to manage MFA settings for other Users:
- Administration → System Setup → MFA Admin
Learn more about managing Permissions and Custom User Roles here. The Permission Access report can be used to determine which User Roles or Users already have these Permissions assigned. Learn more about User Setup and Security here.
Multi-Factor Authentication
1) 'Enable multi-factor authentication' Toggle - When on, the User will be prompted to authenticate their logins.
- Note: This option cannot be adjusted if the User has a User Role that requires MFA
2) MFA Method - Method used to authenticate the User's login
3) Default - Indicates that the MFA Method is the User's default method
- Note: The 'Default' method will always be automatically used when the User is prompted to authenticate their login. All other methods will require that the User manually select them to send an authentication request.
4) Delete - Click to remove the MFA Method
- Note: This is only displayed for Users viewing their own User Record
5) + Add Method - Click to add a new MFA Method
- Note: This is disabled for Users not viewing their own User Record
6) 'Require multi-factor authentication for every' - Frequency that the User is prompted to authenticate their login.
- Note: This option can only be adjusted to options that are more restrictive than the most restrictive option required by User Roles assigned to the User.
Options include:
- Log In
- Note: This is the most restrictive frequency, and the User will be required to authenticate their login every time they log in, regardless of how long it has been since their last authentication.
- 1 Day
- 5 Days
- 10 Days
- 15 Days
- 30 Days
- 45 Days
- 60 Days