Prior to using Multi-Factor Authentication, it must first be set up. Read more about setting this up here.
Multi-Factor Authentication can be enabled in 3 ways:
Per User, at the User's own discretion
Per Tenant, i.e. for each company (and hence each user) owned by the tenant. Users do not have a choice and must use Multi-Factor Authentication
Per User, however, determined by the Administrator. Administrators can select which Users are forced to use Multi-Factor Authentication, and which are not.
Allow Users to Enable Multi-Factor Authentication Freely
Users can choose to enable Multi-Factor Authentication from their Profile Settings.
The 'Enable Multi-Factor Authentication' checkbox must be ticked, while the User can select a preferred default provider. It is recommended that the mobile number is entered in this screen. On the first login attempt, the user will be prompted for his/her mobile number for confirmation.
Globally Enforce Multi-Factor Authentication
Administrators can enforce Multi-Factor Authentication globally, on a Tenant basis. This includes all Users under all Companies administered by the Tenant. This can be enabled from Administration > Main > Settings.
From the Settings tab, click edit and tick the checkbox for the option 'Multi-Factor Authentication: Enforce tenant employees to utilise multi-factor authentication'.
Users will now be forced to use Multi-Factor Authentication. A couple of things to note:
Users who haven't inputted a mobile number will be prompted to input one on login, otherwise they will need to use their email used for Indigo.
Users can still make amendments to Multi-Factor Authentication settings in their personal profile. They can even uncheck the Multi-Factor Authentication checkbox, however it will have no effect, since it is enforced Tenant-wide.
Enforce Multi-Factor Authentication for Particular Users
Multi-Factor Authentication can be enforced for particular Users, through 'Users' in the Administration tab.
To enable Authentication for a user, double-click on him/her, or select the user and click on 'Edit.' Tick the checkbox for 'Requires Multi-Factor', then click Save.
Logging in Using Multi-Factor Authentication
Upon login, Users will be asked for their username and password as per normal. When using Multi-Factor Authentication for the first time, users will be prompted for their mobile number, to single out any anomalies and prevent fraud. Users can select which authentication method they would like to use. If SMS was not enabled as an authentication method, then this option is not allowed.
Depending on the method selected, the user will receive an SMS or an Email with a code accordingly.
The 'Remember this browser?' option, once checked, will not ask the user for a code if logging in from the same computer. If the user tries to login from another location or computer, the code will be requested.