To heighten security for your Replicon accounts, you can set up multi-factor authentication (MFA) in your system. MFA adds extra layers of protection, beyond a password, in case passwords are in some way compromised.
Replicon supports temporary one-time password (TOTP) and email authentication methods of MFA.
Users can be allowed to set up methods themselves. Administrators can also set up email authentication on behalf of users.
Administrators can also:
MFA authentication is device-specific, so users will need to verify each device they use with Replicon.
MFA only works with Replicon authentication, and doesn’t apply to single-sign on (SSO) users.
To specify how often users need to use email authentication when they log in:
To improve the security of your system, you can require users to use an MFA method.
You can enable this functionality for one user at a time, or you can mass edit users to enable this option for many employees at once.
Users with this option enabled will not be able to access Replicon unless they have at least one MFA method enabled. If a user doesn't have at least one MFA method set up, they will be prompted to set one up the first time they log in after the mandatory MFA option is enabled for them. MFA cannot be set up using Replicon Mobile.
If you’re concerned about users losing access to their Replicon account, you might want to enable MFA on their behalf, or communicate the date when you’ll make this change to affected users in advance, to give them a chance to set up MFA before doing so becomes required.
To make MFA mandatory:
Now, when users without an MFA method log in to Replicon, they’ll be shown a page where they’ll be required to set up at least one MFA method before they can access the rest of Replicon.
You can set a default setting for this option that will be applied to any new users you add to Replicon on the Administration > Employees and Organization > User Settings page.
To allow users to enable MFA for themselves:
With email authentication, when a user attempts to log in, they’ll be emailed a code that they’ll need to enter into the login field before authentication will proceed.
To set up email authentication for a single user:
A dialog with an Email Address field displays. This field will be populated with the user’s Replicon email by default.
A verification email will be sent to the user; they’ll have to click a button in that email to complete setup. You’ll know they’ve completed this step when the Waiting Verification status in their user profile changes to Enabled.
You can use the user mass edit feature to set up email authentication for multiple users at once, using the email address already entered in each user’s user profile.
To set up email authentication for multiple users:
If you’ve added email authentication for one or more users, but their user profile still says the account is awaiting verification, you can send the verification emails again.
To resend the email for one user, click the Resend Verification Email link on the main page of their user profile.
To resend emails to multiple users, you can use the mass edit users feature:
If you want a user to stop using a particular authentication method, click the Revoke link located beside that method on the main page of their user profile.
No, MFA only applies to administrators when provisioning CloudClock, not to CloudClock end users.