Multifactor Authentication for System Users

Overview

To enhance the security of the Management Console, Multi-Factor Authentication (MFA) can be used. This additional layer of security ensures that administrators must verify their identity beyond just using a password, reducing the risk of unauthorized access. In this guide, we will walk you through the necessary steps to enable and configure MFA, explain the available authentication methods, and provide insights into key settings that allow you to customize the MFA experience based on your organization’s security requirements. Please note at this point that multi-factor authentication only applies to Local and Active Directory system users. System users that are created via identity providers do not have a native MFA in Silverback, as this can be realized via the identity provider.

Activation Options 

You have the flexibility to define how Multi-Factor Authentication (MFA) is enabled for system users accessing the Management Console. You can either enforce MFA by default for all users or allow users to activate it at their discretion. This section outlines both options and their configuration steps.

Multi-Factor Authentication Management

From the time the system user has either set their MFA activation themselves or the Enforce MFA method has been activated by the Settings Administrator, all system users who have not yet stored an MFA method will be redirected to the Multi-Factor Authentication page when they attempt to log in to the Management Console.

Login with MFA

• After adding your Phone and/or e-mail address (we recommend to enable both) in the Multi-Factor Authentication Management, press the Login button
• You will be forwarded to the Management Console
• Enter again your username and password and press sign-in
• Now the Multi-Factor Authentication starts and you should receive your One-Time Password to your default method 
• Before entering your One-Time Password, press again Resend two times and remember the earlier mentioned resending period
• Now select another Method and press Resend two times and you will see that the One-Time Password will arrive quickly
• If you now press again and try to Resend it to the same method again, the counter for the resending period kicks in again 
• Now its time to enter your latest generated OTP and press Sign In
• If you see now One-time password is invalid or outdated, send again a SMS to your phone and enter the OTP, followed by pressing Sign-In
• You should now be successfully logged in

Edit your own MFA Methods

• After being logged in, press the Settings icon next to your username on top right 
• Press Edit next to the Enable MFA checkbox
• You will be forwarded to the Multi-Factor Authentication Management
• Change and adopt your methods, and press again login to validate your changes

Review MFA for Others

• Open the Management Console and login as Administrator
• Navigate to Admin
• Select User Management
• Locate the account with which you are currently logged in 
  • Review the Enable MFA checkbox
    • If MFA is not enforced, you can enable or disable MFA from here only for your own account
    • If MFA is enforced, you can't change the option 
  • Look down and locate the Multi-Factor Authentication section 
    • Here you can review the Methods that you added to your account
• Select again User Management and edit any other user
  • The Enable MFA option will be ready only and you can review the MFA methods other users have activated and/or verified

Customize Messages

To conclude this guide, we would like to introduce the option of modifying the messages that are sent. 

• Open the Management Console and login as Settings Administrator
• Under General, locate the Multi-Factor Authentication section
• Here you can modify the content of the SMS, the subject and the content of the E-mail, but ensure to place the {otp} in the content section(s).
• Press save, wait until the changes are applied, confirm with OK and Log Out
• Now Login again and review your changes.