Multi-Factor Authentication (MFA) adds an extra layer of security to your ProfitSword account, protecting your data and ensuring secure access. This article explains how to set up MFA and use it for authentication.
Setting Up MFA:
Upon your first login, if you haven't already configured MFA, you will be prompted to set it up.
You have two options for MFA setup: an authenticator app or email.
Important Note: To use the email option, an email address must be associated with your ProfitSword profile.
a. Authenticator App Setup (Recommended):
Using an authenticator app provides a higher level of security. We recommend using Microsoft Authenticator or Google Authenticator.
- Download an authenticator app: Install your preferred authenticator app (e.g., Microsoft Authenticator, Google Authenticator) on your personal mobile device.
- Scan the QR code: On the ProfitSword setup screen, use your authenticator app's scanning function to scan the displayed QR code.
- Enter the code: Your authenticator app will generate a 6-digit code. Enter this code into the ProfitSword screen to register your ProfitSword user with the app.
b. Email Setup:
- Send the code: Click the button on the ProfitSword screen to send a 6-digit code to the email address associated with your ProfitSword account.
- Check your email: Look for the code in your email inbox (and spam folder).
- Activate MFA: Enter the 6-digit code from the email into the ProfitSword screen to activate email MFA.
Success! Once MFA is successfully configured, you will see a success message.
Authenticating with MFA
After you've configured MFA, you'll be prompted for an MFA code each time you log in to ProfitSword.
- Enter your username and password: Provide your usual ProfitSword username and password.
- Enter your MFA code: You will then be prompted to enter the 6-digit code from your authenticator app or the code sent to your email.
- Optional: "Don’t ask again for 1 week": You can select the "Don’t ask again for 1 week" option. This setting is specific to the browser you are using. We highly recommend using this option only on secure, trusted devices. Once one week has passed, the user will have to confirm their MFA code again.
If the code is correct, you will be successfully logged into ProfitSword.
FYI:
- Authenticator app codes expire every 30 seconds.
- Email codes have a limited expiration time.
- The sending email is noreply@actabl.com in case it needs to be located within the user's inbox.
If your code is incorrect, please try again with a new, unexpired code.
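To show why an authenticator app code stops working after 30 seconds, here is an added example that is not ProfitSword or Actabl code. It assumes the app codes are standard RFC 6238 TOTP, the scheme Google Authenticator and Microsoft Authenticator implement; the article does not describe the server-side check, so the clock-skew window and replay rejection are illustrative choices, and the secret is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, matching the 30-second expiry stated above
DIGITS = 6   # code length, matching the 6-digit codes described above

# Constructed sample: the public RFC 6238 test key ("12345678901234567890"), not a real secret.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: float) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // STEP
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, last_used_step=-1, skew_steps=1):
    """Return the time step the submitted code matches, or None if it is rejected.

    skew_steps (assumed policy) tolerates small clock drift between phone and server.
    last_used_step (assumed policy) rejects a code that was already accepted once.
    """
    current = int(unix_time) // STEP
    for step in range(current - skew_steps, current + skew_steps + 1):
        if step <= last_used_step:
            continue  # replayed or older code
        if hmac.compare_digest(totp(secret_b32, step * STEP), submitted):
            return step
    return None


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)                       # code shown by the app at t=59s
    print(code, verify(DEMO_SECRET, code, 59))         # accepted in its own step
    print(verify(DEMO_SECRET, code, 150))              # expired: None
    print(verify(DEMO_SECRET, code, 70, last_used_step=1))  # replay: None
```

A server that stores the returned step as `last_used_step` for the account ensures each code is accepted at most once.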
Resetting MFA (Admins Only)
For security purposes, only users with Corporate Administrator (CADM) Permissions can reset MFA for other users. A PS Admin must have MFA enabled on their own account to reset another user's MFA.
We strongly recommend that users request an MFA reset from their onsite administrators rather than contacting Actabl support directly. ProfitSword Support cannot reset MFA codes.
To reset a user's MFA:
- Within the User Administration screen, select the 'lock' icon shown under the Actions column.
- This will prompt the person doing the reset to 'confirm' they want to reset the user's MFA. As long as the requirements are met (the resetting user has CADM and has MFA set up), the reset will be confirmed.
- If the resetting user does NOT have the proper verification, they will receive a message that the MFA reset has failed.
This sends an email to the end user advising them that their MFA has been reset.
Once MFA is reset, the user will need to log in to ProfitSword with their username and password and re-enroll in MFA using the setup steps outlined above.
Frequently Asked Questions (FAQs)
- What happens to a user's MFA if they're moved from one hotel to another?
- A: MFA will continue to work, regardless of hotel association.
- What happens to a user's MFA if the user password is reset?
- A: MFA will continue to work until MFA is explicitly reset by an administrator.
- What happens to the user's MFA if they are locked or deactivated?
- A: MFA will continue to work whenever the same user is unlocked or re-activated.
- What happens if my email changes in ProfitSword?
- A: If your user's email changes, Actabl MFA will continue sending MFA codes to the email address configured on your user profile. If MFA is enabled and the user's email is removed, the user will be locked out from using MFA, and an administrator will need to reset MFA for that user.
- Is there an inactivity timeout associated with MFA?
- A: Yes, the MFA enrollment and authentication screens have their own inactivity timeout, separate from the main ProfitSword session timeout. The MFA timeout is set to 30 minutes of inactivity. If you are idle on an MFA page for 30 minutes or longer, you will be redirected to the login page.
- Who can reset MFA?
- A: Currently, only ProfitSword administrators can reset MFA. We highly recommend that only onsite administrators reset MFA, as they are better equipped to verify a user's identity.
- What methods of MFA are supported?
- A: Authenticator app and email. We highly recommend using an authenticator app over email for enhanced security.
- Will I need to use an MFA code to authenticate every time?
- A: No, users can select "Don’t ask again for 1 week," which will keep you logged in for 7 days. This means at most, you'll need to use an MFA code to log in every 7 days.
- Is MFA required?
- A: Yes, MFA is required for all ProfitSword users at this time.
- Can we use an authenticator app on shared devices?
- A: Yes, you can use an authenticator app on shared devices. However, using personal devices for MFA is highly recommended for security.
- Can we use a shared email for MFA?
- A: No, users should not use shared emails for MFA. Each user should have a unique email address for MFA purposes.
- Can I enroll in both MFA methods (authenticator app and email)?
- A: Not at this time. Only one method is required, and we recommend using the authenticator app.
- How does MFA change my login experience?
- A: MFA makes authentication more secure without sacrificing time and convenience. Users will still need to follow the normal reset cadence of their passwords every 90 days, unless your company is using a shorter reset period.