Tenant-level MFA in a Nutshell
Tenant-level MFA configuration allows you to manage global MFA settings shared by all the workspaces under a given tenant. On the tenant level, you can enable specific MFA authentication factors (phone and/or email) and customize the SMS and e-mail providers. You can also immediately test your configuration by sending a test e-mail or SMS message.
To ensure ease of use, Cloudentity acts as the default service provider sending both SMS and e-mail messages. You only need to get involved in the configuration if you want to customize the message or change the service provider to Twilio (in case of SMS verification) or use a custom Simple Mail Transfer Protocol (SMTP) server (in case of e-mail verification).
On the workspace level, you can handle all local, workspace-specific settings.
Read More
For more information on how to configure MFA for your workspace, see Transactional MFA with Cloudentity.
For more details on what MFA is and why it’s a good idea to have it, read about MFA in a nutshell.
Prerequisites
- Access to a Cloudentity tenant
Configure MFA for Tenant
Setting up MFA on the tenant level requires:
- Setting up the providers of the MFA method(s) in use
Enable MFA on Tenant
- Go to Tenant Settings -> MFA Settings.
- Enable the MFA methods on a tenant (Phone Verification and/or Email Verification).
- If your e-mail or SMS providers are not yet configured, set them up as described below.
Set up SMS MFA Verification
- Go to MFA Settings -> Phone verification and pick the SMS provider that’s going to send you verification codes.
  - CLOUDENTITY - Cloudentity’s default SMS provider
  - TWILIO - Twilio SMS communications platform
- Set up details for the selected delivery provider:
  - Cloudentity

    | Parameter | Description |
    | --- | --- |
    | Verification message | Custom message including the OTP shared with the user. Refer to OTP through a variable, as in [[OTP]]. |
    | OTP length | Length of the OTP being issued. |
    | OTP expiration | How long the OTP remains valid. |

  - Twilio

    | Parameter | Description |
    | --- | --- |
    | Twilio SID | Your Twilio account ID. |
    | Twilio Auth Token | Your Twilio Auth Token. For details, see Twilio support documentation. |
    | From | From specifies the Twilio phone number, short code, or Messaging Service that sends this message. It must be a Twilio phone number that you own, formatted with a + and country code, e.g. +16175551212 (E.164 format). |
    | Verification message | Custom message including the OTP shared with the user. Refer to OTP through a variable, as in [[OTP]]. |
    | OTP length | Length of the OTP being issued. |
    | OTP expiration | How long the OTP remains valid. |

- Save your changes.
Test Phone Verification
In the Send test message section, you can check if your setup works fine and your text message displays as expected. Enter the Recipient number and hit Send.
Set Up Email Verification
Set up the SMTP server either by using the Cloudentity out-of-the-box solution or by connecting your own SMTP server.
- Go to Tenant Settings -> MFA Settings -> Phone verification and pick the SMTP server to be used for sending emails. Choose between:
  - CLOUDENTITY - Cloudentity’s SMTP server
  - CUSTOM SMTP - your own SMTP server
- Set up details for the selected delivery provider:
  - Cloudentity SMTP server

    | Parameter | Description |
    | --- | --- |
    | Sender friendly name | Custom sender address. |
    | Email subject | Custom e-mail title. |
    | Verification message | Custom verification message - you can enter your custom e-mail template here. Refer to OTP using a variable, as in [[OTP]]. |

  - Custom SMTP server

    | Parameter | Description |
    | --- | --- |
    | SMTP Auth mechanism | Select the auth mechanism used by your server. |
    | SMTP host | Provide the host name of your server. |
    | SMTP port | Provide the port of your server. |
    | Username | Username used to authenticate to the SMTP server. |
    | Password | Password used to authenticate to the SMTP server. |
    | Sender friendly name | Custom sender address. |
    | Email subject | Custom e-mail title. |
    | Verification message | Custom verification message - you can enter your custom e-mail template here. Refer to OTP using a variable, as in [[OTP]]. |

- Save your changes.
Test E-Mail Verification
In the Send test message section, you can check if your setup works fine and your email message displays as expected. Enter the address of the Email recipient and hit Send.
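A pre-flight check for the values entered in the SMS and e-mail sections above, as an added example that is not part of the Cloudentity documentation or product: it validates a Twilio From phone number against E.164 and checks a verification message template for the [[OTP]] variable before you send a test message. The function names, the look-alike patterns, and the numeric sample OTP are assumptions made for illustration.

```python
import re
import secrets

# E.164: "+", a country code that does not start with 0, at most 15 digits overall.
E164 = re.compile(r"\+[1-9]\d{1,14}")
PLACEHOLDER = "[[OTP]]"
# Look-alike spellings such as [OTP], {{OTP}} or [[otp]]. Assumption: only the
# exact [[OTP]] spelling is treated as the variable.
LOOKALIKE = re.compile(r"[\[{<]{1,2}\s*otp\s*[\]}>]{1,2}", re.IGNORECASE)


def check_from_number(from_number):
    """Problems with a Twilio 'From' value given as a phone number."""
    if E164.fullmatch(from_number):
        return []
    return [f"From {from_number!r} is not E.164 (expected e.g. +16175551212)"]


def check_template(message):
    """Problems with a verification message template (SMS or e-mail)."""
    problems = []
    if PLACEHOLDER not in message:
        problems.append("template has no [[OTP]] variable")
    for match in LOOKALIKE.finditer(message):
        if match.group(0) != PLACEHOLDER:
            problems.append(f"{match.group(0)!r} is not the [[OTP]] variable")
    return problems


def preview(message, otp_length):
    """Render the template with a random sample OTP (numeric OTP is an assumption)."""
    otp = "".join(secrets.choice("0123456789") for _ in range(otp_length))
    return message.replace(PLACEHOLDER, otp)


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real tenant.
    drafts = [
        ("+16175551212", "Your verification code is [[OTP]]."),
        ("617-555-1212", "Your verification code is {{OTP}}."),
    ]
    for from_number, message in drafts:
        problems = check_from_number(from_number) + check_template(message)
        print(from_number, "->", problems or preview(message, otp_length=6))
```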
Having configured the tenant-level MFA, proceed to configuring MFA on a workspace level.