By applying different authentication factors ranging across different security levels across your whole organization, you're able to protect against unauthorized access to your applications while providing flexibility for users.
MFA Settings for your Organization
You are able to enable different types of MFA methods on an organization basis, so you can control which factor types you want to use in your business. You can customise this on the Teamstack dashboard by going into Security -> MFA Settings. Here it's possible to enable Recovery Keys, WebAuthn, Security Questions, SMS Authentication and/or One Time Passwords. By enabling multiple factor types, you give your users the flexibility of choosing which type they prefer.
Recovery Keys can be used both as a MFA method, but also as a backup in the event you lose access to your account and cannot log in with another factor of authentication. If you generate a new set of recovery keys before using all your old keys, the old recovery keys will be disabled. It's important to generate a new set of recovery codes when all recovery codes have been used, as each code can only be used once and if a new set of codes aren't generated, users will need to get assistance from their admin.
WebAuthn requires either an external USB drive with a code or if the device supports its then biometric data, such as fingerprints can be set up. To set this up, users will need to follow the instructions on screen in their User Profile.
Security Questions can be used as a MFA method, and the user can either set up an answer with one of the pre-defined questions generated by Teamstack or they can create their own question and answer.
SMS Authentication can be used as a MFA method by sending an SMS to the users phone number that the user will need to use to authenticate their account. For this MFA method, there is an additional charge applied for each SMS that is sent out to a user.
One Time Passwords (OTP)
To enable One Time Passwords as a MFA, users will need to download a compatible application (such as Google Authenticator) that can be used to generate a OTP code. When users are logging in they will need to access their OTP application and enter the OTP code displayed to authenticate their account.
In the MFA settings for your organization, you are also able to enable "Enforce MFA". If this is enabled, then users will need to have at least one MFA factor setup to be able to log in to their Teamstack account and organization. This setting enables MFA globally for all users in your organization.