Multifactor Authentication

STEP environments can be configured to support Multifactor Authentication (MFA) for user accounts managed in STEP to enhance the security for such accounts. This is not applicable when user accounts are managed externally via Identity Providers (IdPs). Contact Stibo Systems support to enable MFA for your environment.

MFA is a security method that requires users to verify their identity with an additional factor, beyond their password, before gaining access to a STEP environment. Key benefits are enhanced security, reduced risk of data breaches, protection against phishing attacks, compliance with regulations in some industries, and improved user trust. The MFA method for STEP is based on time-sensitive one-time codes that are generated by an external multifactor mobile application. The one-time codes are generated dynamically and remain valid only for a short period of time.

When MFA is set up and configured, its usage can be represented as follows:

  1. User enters login credentials.

  2. User enters the MFA verification code generated by an authenticator application.

  3. User is granted access provided MFA is verified.
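The following is an added example, not code from the STEP product or from Stibo Systems, that shows what sits behind the three steps above: the authenticator app and the server share a secret, both derive the same short-lived code from it and the current time, and the server accepts a code only inside a small clock-skew window and only once. It assumes the codes are RFC 6238 TOTP (HMAC-SHA1, 30-second steps, six digits), which is the scheme the Microsoft and Google authenticator apps named on this page use; the page itself does not state STEP's internal parameters. The otpauth URI is the format such apps read from an enrolment QR code. The secret is RFC 6238's published test secret, the password, salt and group name are constructed, and `pmdmuser1` / `pmdm-production` are the names used later on this page.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Assumed parameters (RFC 6238 defaults used by the authenticator apps named on the page;
# STEP's actual settings are not stated there).
STEP_SECONDS = 30   # how long each one-time code stays valid
DIGITS = 6
ALLOWED_DRIFT = 1   # also accept the previous/next time step to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, at_time // step, digits)


def provisioning_uri(issuer: str, account: str, secret: bytes) -> str:
    """The otpauth URI an enrolment QR code encodes (assumed format, as read by
    Google/Microsoft Authenticator)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&digits={DIGITS}&period={STEP_SECONDS}")


class TotpVerifier:
    """Server-side check: a code is accepted once, only inside the drift window;
    a replayed or older code is rejected."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, drift: int = ALLOWED_DRIFT):
        self.secret, self.step, self.drift = secret, step, drift
        self.last_counter = -1  # highest time-step counter already consumed

    def verify(self, submitted: str, at_time: int) -> bool:
        now = at_time // self.step
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter <= self.last_counter:
                continue  # already used (replay) or older than an accepted code
            expected = hotp(self.secret, counter).encode()
            if hmac.compare_digest(expected, submitted.encode()):
                self.last_counter = counter
                return True
        return False


# Constructed sample data: RFC 6238's test secret and one user in an MFA-required group.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
USERS = {
    "pmdmuser1": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct-horse", SALT, 100_000),
        "group": "Data Stewards",
        "verifier": TotpVerifier(SECRET),
    }
}
GROUPS_REQUIRING_MFA = {"Data Stewards"}  # groups with the 'Multifactor Authentication Required' flag


def authenticate(username: str, password: str, code, at_time: int) -> str:
    """Steps 1-3 above: credentials first, then the one-time code if the group requires it."""
    user = USERS.get(username)
    if user is None:
        return "denied"
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        return "denied"
    if user["group"] not in GROUPS_REQUIRING_MFA:
        return "granted"
    if code is None:
        return "mfa-required"  # prompt for the code from the authenticator app
    return "granted" if user["verifier"].verify(code, at_time) else "denied"


if __name__ == "__main__":
    print(provisioning_uri("pmdm-production", "pmdmuser1", SECRET))
    print(authenticate("pmdmuser1", "correct-horse", None, 59))              # mfa-required
    print(authenticate("pmdmuser1", "correct-horse", totp(SECRET, 59), 59))  # granted
    print(authenticate("pmdmuser1", "correct-horse", totp(SECRET, 59), 59))  # denied (replay)
```

Two details matter for a deployment: the verifier remembers the last accepted time step so that a code captured in transit cannot be replayed within its validity window, and the drift window should stay small, since every extra step accepted widens the interval during which an intercepted code still works.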

Enabling MFA for a User Group

When MFA functionality is enabled for the environment, STEP administrators can activate the Multifactor Authentication Required parameter on the desired user group(s). The users in the activated group(s) must set up and use MFA to authenticate.

Setting Up MFA for a User

When MFA is enabled for a user group, the users in that group will be prompted to configure MFA using an authenticator application the next time they log into the STEP environment.

  1. Log in as a user in an MFA-enabled group; a short setup wizard is displayed.

  2. If a mobile authenticator app is not already installed on the mobile device, select the appropriate mobile device tab to display a QR code for installation of the Microsoft Authenticator app:

    • iPhone & iPad - Scan the QR code on a mobile device to navigate to the app in the App Store.

    • Android - Scan the QR code on a mobile device to navigate to the app in the Google Play Store.

    • Other authenticator apps are also supported, such as Google Authenticator.

  3. Choose a method to add the STEP environment user account to the authenticator app.

    • Automatic: scan the QR code, enter the one-time code, and click the Submit button.

    • Manual: follow the directions behind the 'If you are not able to scan the QR code...' link, and refer to the documentation of the applicable authenticator app for how to enter an account manually.

Using MFA to Authenticate

When MFA is enabled for a user group and the users have added their account to their authenticator app, each login consists of two steps: the user first logs in with the usual STEP credentials (login and password), and must then submit the one-time code that the authenticator app currently shows for that account.

In this example, pmdmuser1 would note the '729732' code in the Microsoft Authenticator app and enter it into the pmdm-production multifactor verification screen.

Resetting MFA for a User

When the MFA configuration for a user needs to be reset, for example, for security reasons or after a mobile device change, a STEP administrator right-clicks on the desired user and selects the 'Reset Multifactor Authentication' option.

A message notifies the STEP administrator that the password has been reset for that individual user.

The reset user must repeat the steps in the Setting Up MFA for a User section above.