We are excited to announce the Multi-Factor Authentication (MFA) feature with Release 7.36 for Springboard backend users. This new feature enhances the security of our backend systems by requiring additional authentication factors beyond the traditional username and password. By implementing MFA, we aim to provide an extra layer of security, significantly reducing the risk of unauthorized access and enhancing the overall protection of our systems and data.
We will be working with all clients to enable MFA for your tenant within 4 weeks of this release, Rel 7.36.
Key Features:
- Multi-Factor Authentication (MFA) Enablement:
  - All backend users will be required to set up and use MFA.
  - MFA options include time-based one-time passwords (TOTP) via authenticator apps and email codes.
- Flexible Authentication Methods:
  - Users can choose their preferred authentication method during the setup process.
  - Support for popular authenticator apps such as Google Authenticator and Microsoft Authenticator.
- Enhanced Security:
  - Added protection against phishing, credential theft, and unauthorised access.
  - Compliance with industry standards and regulatory requirements for multi-factor authentication.
- User-Friendly Setup Process:
  - The set-up process is user-friendly.
  - Detailed instructions and support documentation are available for a smooth transition. Please refer to the section below.
- Administrative Controls.
How to use MFA:
1. Go to your Springboard URL.
2. Enter your username and password and click on the “Continue” button.
3. Set up the MFA process using either the Authenticator app or an email code. Details are available on this link.
3. a). If using the Authenticator app, scan the QR code and enter the 6-digit code; you will then be logged in.
3. b). If using the email MFA, click on the “Switch to Email MFA” button. Please see the section below to set up MFA on your device.
4. Please click on “Send a code”.
5. Enter the code received over the email and you will be logged in.
For admin users:
Admin users can manage MFA for other users by following the steps below:
1. As an admin user, on your Springboard, go to Administration --> Organisation Users --> Click on a user.
2. Under Organisation User details, check under the “Login Details” section --> “Manage Multifactor Authentication”.
3. Clicking on it will open a confirmation message. Click on the “Remove” button.
4. A success message will appear.
Security Considerations
PeopleScout has engaged an external security firm to review this new feature. No issues of concern were raised.
We value your feedback and are here to assist you with any questions or issues. Please reach out to our support team with your comments or concerns.
Thank you for your continued support and commitment to security.
Setting Up Authenticator-Based Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) adds an extra layer of security to your accounts by requiring a second form of verification beyond your password. This guide will walk you through setting up MFA on your iPhone or Android device using either Google Authenticator or Microsoft Authenticator.
Please note that even if you already have the Authenticator app set up for other services, you will need to create a new authentication entry specifically for this Springboard website. If you access multiple Springboard accounts, each one will require its own authenticator account.
Prerequisites
- An iPhone or Android device.
- The account or service you want to secure with MFA.
- The Google Authenticator or Microsoft Authenticator app installed on your device.
Installing the Authenticator App
Google Authenticator
- Open the App Store (iPhone) or Google Play Store (Android).
- Search for "Google Authenticator."
- Tap "Install" to download and install the app.
Microsoft Authenticator
- Open the App Store (iPhone) or Google Play Store (Android).
- Search for "Microsoft Authenticator."
- Tap "Install" to download and install the app.
Setting Up MFA
Step 1: Log in to Springboard
- Log in to your Springboard account with your usual credentials.
- If Authenticator-based MFA has been enabled for your solution, you will be presented with a QR code to scan.
Step 3: Scan the QR Code
- A QR code will be displayed.
- Open the Google Authenticator or Microsoft Authenticator app on your device.
Please note that even if you already have an Authenticator app set up for other services, you will need to create a new authentication entry specifically for the Springboard website. This ensures that the security codes generated are unique to your Springboard account, providing an additional layer of protection.
Google Authenticator
- Tap the "+" button (usually at the bottom right).
- Select "Scan a QR code."
- Use your device's camera to scan the QR code displayed on your account's MFA setup page.
Microsoft Authenticator
- Tap the "+" button (usually at the top right).
- Select "Scan QR code."
- Use your device's camera to scan the QR code displayed on your account's MFA setup page.
Step 4: Enter the Verification Code
- After scanning the QR code, the app will generate a 6-digit verification code.
- Enter this code into the Authentication Sign In page on your account.
Step 5: Confirm and Save
- Confirm the code and save your settings.
- Your MFA setup is complete.
Using MFA
- When you log in to your account, after entering your username and password, you will be prompted to enter a verification code.
- Open your authenticator app.
- Enter the 6-digit code displayed in the app into the login prompt.
Backup and Recovery
Google Authenticator
- Google Authenticator does not automatically back up your codes. Make sure to save backup codes provided during the setup process.
- If you get a new device, you’ll need to set up Google Authenticator again for each account.
Microsoft Authenticator
- Microsoft Authenticator can back up your codes to your Microsoft account.
- To enable this, open the app, go to settings, and turn on "Cloud backup."
- When you get a new device, sign in to your Microsoft account in the Microsoft Authenticator app to restore your codes.
Email authentication
- If you can’t access your account using Authenticator, and your client solution permits it, you can select ‘Use Email Instead’ and have a 6-digit code sent to the email address for your account.
Troubleshooting
- Code Not Working: Ensure your device’s time is set correctly, as the codes are time-based.
- Lost Device: Use backup codes, email authentication or contact the service provider for account recovery options.
- New Device: Re-scan the QR codes or restore from backup (if using Microsoft Authenticator).
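Why a wrong device clock produces "Code Not Working", shown as an added example (not Springboard's own code): a TOTP verifier following RFC 6238 that accepts a small number of 30-second steps of drift. The HMAC-SHA1 algorithm, the 30-second step and the one-step tolerance are assumptions based on the RFC defaults used by common authenticator apps; the page does not state Springboard's actual parameters.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default (assumed, not stated on the page)
DIGITS = 6   # the page states that codes are 6 digits


def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1):
    """Return the step offset that matched (0 = clocks agree), or None if rejected.

    window is how many 30-second steps of clock drift the server tolerates
    on each side; a device further off than that always fails.
    """
    for drift in sorted(range(-window, window + 1), key=abs):
        candidate = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return drift
    return None


# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# a setup QR code carries it. Not a real Springboard secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    server_now = 1111111111                    # constructed server clock
    slow_phone = totp(SECRET, server_now - 20)  # phone 20 s behind
    very_slow = totp(SECRET, server_now - 300)  # phone 5 min behind
    print("20 s behind :", verify(SECRET, slow_phone, server_now))
    print("5 min behind:", verify(SECRET, very_slow, server_now))
```

A code from a phone 20 seconds behind matches the previous step and is accepted, while one from a phone five minutes behind falls outside the window and is rejected even though the secret is correct.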
By following these steps, you can enhance the security of your accounts with multi-factor authentication using Google Authenticator or Microsoft Authenticator on your iPhone or Android device.