As data protection is always a high priority, administrators can configure the following login policies to further increase data protection while balancing the efficiency and safety requirements desired for your users.
Setup > Account > Login Policy.
- Multi-factor authentication. Select between mobile phone, email or Google Authenticator (available on all Enterprise Plans).
- Password policy. Customize your password policies to the desired security settings, such as minimum password length, password complexity requirements, length of time before password must be changed, and maximum number of invalid login attempts.
- Session timeout definition. Select between interval-based (frequency of logins required) or inactivity-based (re-login required if user has been inactive for a specified period of time).
After an administrator activates the MFA process, your users will be prompted upon their next login to set up their MFA method of authentication:
- Mobile phone
- Google Authentication
Single sign-on and MFA
If your organization is already using Single Sign-On (SSO) as your authentication process, you can integrate the SSO feature with SWSD. SSO vendors usually offer built-in MFA support, so SSO will supercede MFA authentication.
Additional use of MFA would be for external users. Even if your internal team identifies upon login via SSO, external users such as outside contractors can safely login to SWSD via MFA without an SSO account.
For more information about single sign-on, seeSingle sign-on
Multi-Factor Authentication (MFA)
To activate multi-factor authentication for some or all of your users:
- Navigate to Setup > Account > Login Policy, and toggle the pill bar to On.
- Apply to all users or specific roles. If you select Specific roles, click in the Specify roles field to define which roles from the dropdown menu.If you select Specific Roles but fail to specify which roles, multi-factor authentication will not be activated.
- Under Method, select the method(s) of authentication. You can select one, two, or all three options listed.
SWSD offers a number of customization options that allow you to modify your password policies to achieve the desired security settings for both your requesters and service agent users.
Minimum password length
Password complexity requirements
Maximum invalid login attempts
Session timeout definition
Customization options allow you to modify your session policies to require requesters and service agent users to re-login after set time parameters. Select one of the options to set the time period for your desired security setting, and select a time frame for that option.
- Interval based
- Inactivity based
If at any time a user is unable to complete the login authentication process due to a change in phone number or an unexpected error, an administrator can reset the MFA setup via the button in the User index.
Navigate to Users & Groups > Users.
From the Users index page, click the link to the user's name to open the record.
Click Actions and select Reset multi-factor auth. setup.
When the user first tries to log in after MFA is activated by an administator, the user is prompted to authenticate on the user desktop and any mobile devices using SWSD.
If the authentication method is mobile phone:
The user is informed of the new authentication step and is asked to enter a mobile number.
A code is sent to the mobile number provided. The user must enter the code at the verification prompt.The code is only valid for 30 minutes, after which a new code is required.
If the authentication method is Google Authenticator:
The user can scan the QR code and enter the verification code provided.
The user will be prompted to provide a verification method.
After initial setup, the user will always receive a prompt to select which method to receive a verification code.
When a user updates their mobile number on the User profile page, and MFA is active, they need to click Verify to authenticate the phone number via MFA.