Setting Up Multi-Factor Authentication

Overview

ℹ️

Admin users can no longer enforce MFA Enrollment requirements for individual users; however, they can enforce MFA Enrollment at the organizational level for all members.

Multi-Factor Authentication (MFA) provides an additional layer of security by generating a one-time code that users must enter during sign in. If you are prompted to set up MFA while activating your account, you can do so using any QR-code-based authenticator app (e.g. Google or Microsoft Authenticator).



Enabling MFA For Your Account

MFA settings are located in the Profile page for your account. This page can be accessed by selecting the Profile icon at the very bottom of the Navigation bar, then selecting the Profile link from the dropdown menu.

Please note that Profile icons vary in appearance from account to account. While its color is assigned at random, the icon will always contain the first letter of the first name associated with your account.

Navigating to the Profile page


From the Profile page, select the Enable MFA on your account toggle located in the Settings panel.

A popup will appear asking you to confirm that you would like to continue. Select OK to confirm. A green Member successfully updated message will appear and you will be redirected to the MFA Setup page.



Once you have been redirected, you will see a QR Code. Scan this code with your preferred authenticator app. Next, enter the one-time code generated by the authenticator into the provided field, then click the Continue button.


⚠️

Recovery codes are only shown once and must be saved in a secure place!

You will be provided with a recovery code that can be used to log into your account in the event that you lose access to your authenticator app. Select the Copy code button to copy the code to your clipboard then save it in a secure place.

Once you've saved your code, check the I have safely recorded this code checkbox, then click the Continue button to complete this process.

Redirect to MFA page



Resetting an MFA Token

The Sevco platform allows you to reset your MFA Token. Admin users may also reset MFA Tokens for other members in their organization.

MFA tokens may be reset:

  • To practice good security hygiene. Like updating your password, resetting an MFA Token can help shield you from cyber attacks.
  • If a user has lost access to their authenticator app.
  • If you have reason to believe that a user's password or recovery code has been wrongfully obtained.

Profile Page

To reset an MFA Token from your Profile page, select the Reset MFA token button in the Settings Panel. A popup will appear. Select Ok to continue.

You will be redirected to the MFA Setup page where you can continue reconfiguring your MFA authentication.

Select Reset MFA token button and confirmation prompt. Redirect to MFA Setup page


Members Page

⚠️

Please note that this page is only accessible to Admin users. If your account is Read Only, you will need to contact an Admin to view it.

The Members page can be accessed by clicking the Admin icon on the Navigation bar, then selecting the Members link from the dropdown menu.


MFA tokens can be reset by clicking the kebab icon in the far-right column and selecting Reset MFA token from the popup menu.




Lost MFA Login Alternatives

In the event that you have lost access to your MFA authentication app, there are two methods that can be used for accessing your account.

From the Login page, enter and submit your username and password as you normally would. Next, select the Try another method link at the bottom of the Verify Your Identity prompt.

Select Try another method link


Recovery Code

If you have access to your Recovery Code, select the Recovery Code option from the Other Methods menu.

Once you have been redirected, paste your Recovery Code into the provided field, then click the Continue button.

Selecting Recovery Code method then pasting Recovery Code before Clicking Continue Button


You will be provided with a new Recovery Code. Select the Copy code button to copy the code to your clipboard then save it in a secure place.

Once you've saved your code, check the I have safely recorded this code checkbox, then click the Continue button to complete this process.

Copying new Recovery Code


Email

In the event that you have lost your Recovery Code, you can have a temporary verification code emailed to you that will allow you to access your account. As a security measure, we recommend only using this method as a last resort.

Select the Email option from the Other Methods menu to begin this process. You will be prompted to enter the code that has been emailed to you. Keep this page open, as you will be returning to it momentarily.

Selecting Email Method


Copy the verification code that has been sent to your email, then return to the verification page in Sevco.

Copy Code from Email


Paste the verification code into the provided field, then select the Continue button to complete this process.

Depending on the MFA Enrollment requirements set by your Organization Admin, you may be prompted to reset your MFA Token automatically. If your Organization does not have this requirement, we strongly recommend resetting your MFA Token from your Profile page to secure your account.



Enforcing MFA for an Organization

While Admin users can no longer enforce MFA Enrollment requirements for individual users, they can enforce MFA Enrollment at the organizational level for all members. Sevco recommends enforcing MFA enrollment at the organizational level to reduce the risk of phishing attempts that could result in stolen credentials.

From the Members page, select the Enforce MFA for all members toggle in the Settings panel.

Select Enforce MFA button



Logging in with Single Sign-on (SSO Integration)

⚠️

Admins planning on configuring a Single Sign-on integration for their organization should disable MFA enforcement at the organizational level. Additionally, organization members should also disable MFA enforcement for their accounts.


Admin users can connect their Single sign-on (SSO) integration (i.e. cloud Identity Providers such as Okta or AzureAD) to the Sevco platform using Sevco's SAML Configuration APIs.

Creating an Application

To enable an SSO Integration, your Identity Provider will create an Application. This will require the following configuration information:

Single Sign-on URL:

Replace the 0's with your Organization ID

https://sevco.us.auth0.com/login/callback?connection=00000000-0000-0000-0000-000000000000

Audience Restriction (or Entity ID):

urn:auth0:sevco:00000000-0000-0000-0000-000000000000

Additionally, you will need to add a Claim. The claim's Name should equal email and its Value should reflect the naming scheme used by your Identity Provider to qualify a user's email address (e.g. user.email).
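The three settings above can be checked before the integration is enabled by running a test assertion from your Identity Provider's preview tool through a short script. The following is an added example, not Sevco's own code: the function names and the sample Organization ID are constructed, and it assumes your Identity Provider writes the Single Sign-on URL into the assertion's Recipient attribute.

```python
import uuid
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_values(org_id):
    """Build the two values from the page for one Organization ID (a UUID)."""
    org = str(uuid.UUID(org_id))  # ValueError if the ID is malformed
    return {
        "sso_url": f"https://sevco.us.auth0.com/login/callback?connection={org}",
        "audience": f"urn:auth0:sevco:{org}",
    }

def check_assertion(assertion_xml, org_id):
    """Return the configuration problems found in a preview assertion."""
    want = expected_values(org_id)
    # Preview XML from your own IdP only; use a hardened parser for untrusted XML.
    root = ET.fromstring(assertion_xml)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if want["audience"] not in audiences:
        problems.append(f"audience {audiences} != {want['audience']}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if want["sso_url"] not in recipients:
        problems.append(f"recipient {recipients} != {want['sso_url']}")
    values = root.iterfind(".//saml:Attribute[@Name='email']/saml:AttributeValue", NS)
    if not any(v.text and "@" in v.text for v in values):
        problems.append("no claim named 'email' carrying an address")
    return problems

def sample_assertion(org_id, claim_name):
    """Constructed sample shaped like an IdP's assertion preview (not real data)."""
    v = expected_values(org_id)
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{v['sso_url']}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{v['audience']}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{claim_name}">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

ORG = "3f2b1c9e-8a47-4d5e-9b61-0c7d2e4f6a18"          # constructed Organization ID
PLACEHOLDER = "00000000-0000-0000-0000-000000000000"  # the 0's left unreplaced
```

An empty list from check_assertion means the Audience, Recipient and email claim all match; an application saved with the 0's still in place is reported on both the audience and the recipient.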

Enabling the SSO Integration

After the Application has been created, your Identity Provider will provide an X.509 Certificate as well as a Single Sign-on URL. These will be used when calling the API to enable the SSO Integration.

For additional documentation about Sevco's SAML Configuration APIs, please email us at [email protected].