Multi-Factor Authentication
Audience
Audience: Administrators Edition: Enterprise
Overview
Multi-Factor Authentication (MFA) is a security feature that adds an additional layer of protection to your account by requiring users to enter a unique code, in addition to their username and password, in order to sign in.
OrgChart users can enable MFA and use any popular authentication app (i.e. Google Authenticator) to access their account.
Admins can require users to use MFA, easily audit which users have MFA configured, and even override the requirement for certain users.
This article provides step-by-step instructions for enabling MFA in your OrgChart account.
Important
MFA does not interfere with SSO configurations or embedded web links.
Users that access the application via SSO or via a link embedded in your company's intranet will not be asked to re-authenticate with MFA.
Enabling MFA
Log in to OrgChart.
Click on the My Settings menu in the top right corner, and then select the Preferences option.
Click on the Multi-Factor Authentication Settings button.
Follow the three steps outlined in the MFA Settings dialog, and then click on Verify Code and Activate.
MFA is now activated.
Signing In with MFA
Navigate to your OrgChart server.
Enter your username and password, and then click on Sign In.
Open your authenticator app, and locate the entry for OrgChart.
Enter the unique six digit code into the text boxes, and then click on Sign In Securely.
Administering MFA
After an Admin configures MFA for themselves, they will have access to the following additional MFA options:
Requiring MFA for All Users
Admins can require all users to use MFA in order to sign in to the application. We suggest that Admins prompt their users to set up their MFA before requiring it at the account level.
Log in to OrgChart.
Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.
Click on the Account Settings tile, and then select the Authorization option from the left side menu.
Check the Multi-Factor Authentication is Required to Login checkbox.
Important
Admins have to configure MFA for themselves before they can require it for all users. If you have not yet configured MFA for your own user, you will be prompted to do so.
If some users have not yet configured MFA, the following alert is spawned:
Click on No to not require users to sign in with MFA. You can then audit user MFA status and contact those who still need to configure MFA. Reference the Audit User MFA Status section below for more information.
Click on Yes to require users to sign in with MFA. You can send one-time login emails to users that have not yet configured MFA, or override MFA for certain users. Reference the MFA Setup Link and Overriding MFA sections below for more information.
Audit User MFA Status
Admins can easily audit the MFA status of each user in the Account Settings: Manage Users panel.
Optionally, you can click on the icon in the top right corner to export an Excel Spreadsheet of your users. You can filter by MFA status in this report.
MFA Setup Link
Once MFA is required for users to sign in, Admins can send individual users a one-time login email containing MFA setup instructions directly from the Account Settings: Manage Users panel.
Mouse over the user, and then click on the icon.
Click on the Email MFA Setup Link option.
An email containing setup instructions is sent to the user. The user's MFA status will update as soon as the user configures MFA.
Overriding MFA
Admins can choose to override the MFA requirement for certain users in the Account Settings: Manage Users panel.
Mouse over the user, and then click on the icon.
Check the Override Multi-Factor Authentication checkbox. The MFA Status is changed to 'Bypassed.'
Click on Update.