Multi-Factor Authentication



Multi-factor authentication enhances security by requesting two or more pieces of evidence from the user who is attempting to log in. You can enable multi-factor authentication when using Bizagi authentication, or Mixed Authentication (Bizagi + Windows), from the Security Module in Bizagi Studio or the Management Console.


The second factor is a verification code that is sent to end users via email or SMS.


The following graphic explains the multi-factor authentication flow when the code is sent via email, and how Bizagi validates both authentication factors.




If you configure the SMS sender, each user can choose how the verification code is sent. If the user chooses SMS, the flow is the following:





You must configure Bizagi authentication and all the password policies. Refer to Bizagi authentication configuration.

If you use SMS, you must acquire your own Twilio service.

Activate the multiple factor authentication option in the Bizagi authentication configuration.





This feature is available when quick login is disabled.


Setting Multi-Factor Authentication

Bizagi covers multi-factor authentication by sending a code via SMS or email.

To set your SMTP provider, refer to E-mail server configuration.


Using Multi-Factor Authentication

Once you have enabled multi-factor authentication, Bizagi will send an email or an SMS with the confirmation code to the user attempting to log in. Bizagi will ask the user how they wish to receive the confirmation code when they attempt to log in.





Depending on the chosen option, the user will receive a six-digit code that will allow them to log into Bizagi.






The user can enter the confirmation code sent to them and enter Bizagi by clicking Verify.






Similarly, if the code wasn't received, the user can request another one by clicking the Email button.


Important considerations

When the maximum number of retries is reached, the user will receive a message via the configured providers (email or SMS) informing them of this situation.

Each time the validation fails, it will count as a failed login.
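
The considerations above, modeled as an added example (not Bizagi's code): a server-side check for an emailed or SMS six-digit code that counts every failed validation, stops at a maximum number of retries, and does not reset the counter when a new code is requested. The class name `CodeChallenge`, the retry limit of 3, the 5-minute lifetime and the message texts are assumptions.

```python
import hmac
import secrets
import time


class CodeChallenge:
    """One pending second-factor challenge for one login attempt (hypothetical model)."""

    def __init__(self, notify, max_retries=3, ttl_seconds=300, now=time.time):
        self._notify = notify            # callable(message): delivers by email or SMS
        self._max_retries = max_retries  # assumed value; the page does not state it
        self._ttl = ttl_seconds          # assumed lifetime; the page does not state it
        self._now = now                  # injectable clock, so expiry can be tested
        self.failed = 0                  # each failed validation counts as a failed login
        self.issue()

    def issue(self):
        """Send a fresh six-digit code. Re-sending never resets the failure counter."""
        self._code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        self._expires = self._now() + self._ttl
        self._notify(f"Your verification code is {self._code}")

    def verify(self, submitted):
        """Return 'ok', 'invalid', 'expired' or 'locked' (no usable code left)."""
        if self.failed >= self._max_retries or self._code is None:
            return "locked"
        if self._now() > self._expires:
            return "expired"
        # Constant-time comparison: response time does not reveal matching digits.
        if hmac.compare_digest(str(submitted).encode(), self._code.encode()):
            self._code = None            # single use: a verified code cannot be replayed
            return "ok"
        self.failed += 1
        if self.failed >= self._max_retries:
            self._code = None            # the outstanding code dies with the lockout
            self._notify("Maximum number of verification retries reached")
            return "locked"
        return "invalid"
```

Because `issue()` leaves `failed` untouched, requesting another code cannot be used to get more guesses than the retry limit allows.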