Multi-Factor Authentication


Overview

Multi-factor authentication enhances security by requesting two or more pieces of evidence from the user who is attempting to log in. You can enable multi-factor authentication when using Bizagi authentication or Mixed Authentication (Bizagi + Windows), from the Security Module in Bizagi Studio or the Management Console.

 

The second factor is a verification code that is sent to end users via email or SMS.

 

The following graphic explains the multi-factor authentication flow when the code is sent via email, and how Bizagi validates both authentication factors.

 

[Figure: multi-factor authentication flow when the code is sent via email]

 

If you configure the SMS sender, each user can choose how to receive the verification code. If the user chooses SMS, the flow is the following:

 

[Figure: multi-factor authentication flow when the code is sent via SMS]

 

Prerequisites

You must configure Bizagi authentication and all the password policies. Refer to Bizagi authentication configuration.

If you use SMS, you must acquire your own Twilio service.

Activate the multiple factor authentication option in the Bizagi authentication configuration.

 


 

Note: This feature is available when quick login is disabled.

 

Setting Multi-Factor Authentication

Bizagi implements multi-factor authentication by sending a code via SMS or email.

 

Using Multi-Factor Authentication

Once you have enabled multi-factor authentication, Bizagi will send an email or an SMS with the confirmation code to the user attempting to log in. Bizagi will ask the user how they wish to receive the confirmation code when they attempt to log in.

 

 


 

Depending on the chosen option, the user will receive a six-digit code that will allow them to log into Bizagi.

 

 

 


 

The user can enter the confirmation code sent to them and enter Bizagi by clicking Verify.

 

 

 


 

Similarly, if the code wasn't received, the user can request another one by clicking the Email button.

 

Important considerations

When the maximum number of retries is reached, the user will receive a message via the configured providers (email or SMS) informing them of this situation.

Each time the validation fails, it will count as a failed login.
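
The validation behavior described above (six-digit code, retry limit with a notification, failed validations counted as failed logins) can be sketched as follows. This is an added example, not Bizagi's implementation: the SecondFactor class, the MAX_RETRIES and CODE_TTL_SECONDS values, and the choice to keep the retry budget when a code is resent are all assumptions.

```python
import hmac
import secrets
import time

MAX_RETRIES = 3          # assumed value; the page does not state the limit
CODE_TTL_SECONDS = 300   # assumed expiry; not stated on the page


class SecondFactor:
    """Hypothetical tracker for one pending verification code per login attempt."""

    def __init__(self, notify, now=time.monotonic):
        self.notify = notify      # callable(message): delivers via email or SMS
        self.now = now
        self.retries = 0          # survives resends, so a resend cannot reset it
        self.failed_logins = 0    # would feed the account's failed-login counter
        self.issue()

    def issue(self):
        """Generate and send a fresh code (first send or a resend request)."""
        # CSPRNG output, zero-padded so the code always has exactly six digits.
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires = self.now() + CODE_TTL_SECONDS
        self.notify(f"Your verification code is {self.code}")

    def verify(self, submitted):
        if self.code is None or self.now() > self.expires:
            return "expired"
        # Constant-time comparison does not leak how many digits matched.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code = None      # single use: a replayed code is rejected
            return "ok"
        self.retries += 1
        self.failed_logins += 1   # each failed validation counts as a failed login
        if self.retries >= MAX_RETRIES:
            self.code = None      # invalidate so guessing cannot continue
            self.notify("Maximum number of verification retries reached")
            return "locked"
        return "retry"
```

Keeping the retry counter across resends matters because a six-digit code has only one million values: if requesting a new code reset the counter, the retry limit would no longer bound the number of guesses.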