The ability for a user to alter there MFA settings is through their "My profile" page (/users/profile). On the left-side-panel their will be a link to "Enable MFA" or "Disable MFA" depending on the current setting.
When the current setting is disabled, the user may enable it by doing the following:
-
Click the "Enable MFA" link in the left-side-panel. The user will be redirected to a page explaining the process of enabling MFA (/users/mfa_enable).
-
Read and click the "Enable MFA" button. If the user understand the explanation and has the needed authentication software on their mobile device, they are to click the "Enable MFA" button. (There is a "Cancel" button to abort the process at this point.) The user will be provided with a modal containing a QR code and an input field to confirm connecting their MFA device with their account. (There is a "Cancel" button to abort the process.)
-
Scan and confirm. Using the authentication app on their mobile device, the user is to scan the QR code. A new rotating secondary password will be provided to them. In the provided "Confirm with MFA Code" input field, they will need to supply the secondary password to confirm device is associated correctly. They should click "Submit" to confirm, or "Cancel" to abort enabling MFA.
-
On confirm, re-login with MFA enabled session. The user will be logged out to do a fully MFA authenticated session.
When the current setting is enabled, the user may disable it by doing the following:
-
Click the "Disable MFA" link in the left-side-panel.
Related Topics