Follow the information outlined below to learn about the MFA option for any given user and understand what changes you can expect from the login process as a result of enabling it.
No doubt the first question on your mind will be, whether the enrolment of MFA will change the login process for a user?
Previously, only a username or email address and password would be required upon log in for an SSO user, whether you were logging into; SSO Home, Rezlynx, Distribution Hub etc.
Once enrolled in MFA, you will also need to provide an extra verification method in addition to a username or email address and password. This will be in the form of a OneTimePassword from the authentication application of choice and it will be required either every time you log in, or every 30 days if you choose to remember the device.
We would recommend installing an authenticator application of choice before continuing with the following steps to enable MFA for an SSO user.
There are a multitude of free authenticator applications out there that can be used. The list below shows some of the popular applications that may meet your requirements to complete OneTimePassword support. Please check any licensing or other concerns with your IT providers.
App Name |
Available on |
Download |
Microsoft Authenticator |
Phone app only |
|
Google Authenticator |
Phone app only |
|
Authy |
Phone app only |
|
2 Factor |
Desktop & Phone app ** |
|
WinAuth |
Desktop app only ** |
|
Microsoft Edge authenticator |
Browser extension ** |
Note: **It is recommended to choose a mobile phone authentication device over a desktop/browser extension for heightened security. However, we understand that some hotel policies do not allow for this and so desktop and browser extension apps have been included in this list. Again, please check any licensing or other concerns with your IT providers.
Contents of this article include:
Log in with Multi Factor Authentication
Enabling MFA
The steps below detail how to enable the enrolment process for MFA.
Once the authenticator has been downloaded and installed. The user will need to log in to the SSO platform homepage and navigate to Users.
Select the required user account from the list of users. Then toggle on MFA for the user account.
The user will sign in as normal.
In the example given below the authenticator app of choice is WinAuth a desktop only application.
They will then be greeted with a QR code to scan.
If not using the phone app, click Trouble Scanning? which gives the option to view and “Copy code”.
Paste the code into the chosen MFA app (in this case WinAuth), and click Verify Authenticator.
Once verified, copy the 6 digit authentication code (in this example 123456), and paste into the Guestline MFA screen.
Important: This will now link the authenticator with the SSO account – you only need to complete the above steps to set up MFA – you will not need to follow these steps each time you log in.
Log in with Multi Factor Authentication
To log into your Guestline account using the downloaded and installed MFA application, follow these steps:
Log in to Guestline platform homepage, entering your usual username/email and password.
You will be requested to Verify Your Identity by entering the one-time code from your MFA application.
Open your MFA application on your phone or PC, to gain the code.
Enter the code into the Verify your Identity screen. You may choose to tick Remember this device for 30 days to prevent this MFA request each time you log in.
Click Continue to enter Guestline systems.
How to reset MFA
If a user is unable to access their account because they can’t complete MFA, a colleague with the "Update Permissions” user permission will need to reset MFA for them.
For security reasons, Guestline are unable to reset a user’s multi-factor authentication.
Within the users account, under Security, click Reset MFA
Once Reset MFA is clicked, a confirmation pop-up will appear, informing of the consequences of resetting the user’s MFA – i.e. that it will un-enrol the user from MFA and that they will have to set it up again in the future, if they want to use it.
Click “Yes”.
A confirmation of the reset will appear in the bottom left corner of the screen.
When the user next logs in, they will be instructed through the MFA enrolment process once again.
Recovery Methods
If you do not have access to your MFA device, then you have an additional option to regain access to your account using a recovery code.
You will need to log in as normal and select “Try another method”, when prompted for your authenticators one time code.
You will then be met with the following 2 options. The "Google Authenticator or similar" method is not a viable option if you have no access to your authentication device, so select “Recovery code”.
Enter the recovery code that you were prompted to save through the MFA enrolment process and press “Continue” again.
You will then be met with the following screen which grants you a new recovery code, that you must copy and save somewhere safe.
You must select the tick box to confirm you have safely recorded the code and then press “Continue”.
Upon pressing continue you will be successfully logged back into the platform.
Disabling MFA
Where possible, MFA should not be disabled unless the user is wanting to set up a different verification method. MFA can be disabled via the users account page in SSO.
Once disabled, if the user has access to the User management options, please be aware these will no longer be available to use.
Also note that disabling MFA will significantly reduce the security of the account.
For further FAQ's please click here
Comments
0 comments
Article is closed for comments.