Multi-Factor Authentication (MFA) is a method used to strengthen the security of a file, website, etc., and adds extra protection to the sign-in process. It allows the user access to a website/application only once the user has provided two (or more) pieces of information to verify their identity.
WMDA uses passwords and authentication applications as the two factors, alongside texts/calls.
...
This document is a guide to help users of the system set up the required security verification methods to access the Search & Match Service.
Step | Description | Image |
---|---|---|
1 | Please go to: Home page - WMDA Web Services and click on "Partner Sign In", or go to https://sandbox-search.wmda.info/ and click on "Login".
Search & Match Front End | |
2 | Please log in with your email, and use the password that was provided to you by WMDA support.
A username and email will be emailed to you and you must change it when you first sign in (the "change password" functionality is also available if you forget your password).
Click “Sign In” (note: the struck-out items below won’t work, so please don’t click them). | Search & Match Front End
| Possible problems:
3 | Enter a new password in the upper text box and confirm it in the lower text box [apologies for no explanatory text on this screen at this point] | Search & Match Front End
4 | Please read the content and click "Accept" on the screen below. | Search & Match Front End
5 | Now, you will need to set up “Multi Factor Authentication”. Click Next. | Search & Match Front End
6 | Choose your MFA method. You may choose:
- using an authenticator app on your smartphone
- using an SMS
- using a programmable hardware token

- We recommend Microsoft Authenticator if it is available in your region and on your smartphone/device, if you have one. Download it (from your smartphone/device) and install it if you don’t already have it. It makes for the easiest MFA login experience.
- Alternative MFA tools are Authy or Google Authenticator, and there may be other options in your region (please let us know so we can add them to our documentation!).
- If you don’t have access to a smartphone, and SMS service is better in your area than 3G/4G/5G coverage, then you can receive MFA codes via SMS. Click “I want to set up a different method”. Note that there is a small cost to the WMDA to use SMS for MFA, so please use this option only if necessary.
- If you are not allowed to use a smartphone, then you may use a hardware token that supports TOTP.

These devices normally work independently from a PC or phone, or sometimes they use a companion app. We recommend using only certified tokens, e.g. from https://token2.eu. Tokens should minimally support TOTP.
Examples of hardware tokens:
Token2 Molto: You program this device either with a mobile phone that has NFC or via USB, depending on the model. Depending on the model, it may allow storing keys for up to 10 accounts.
Some tokens need a mobile phone with NFC and a companion app to generate the code. WMDA does not recommend these types and cannot support them.
WMDA tested tokens that are programmable over NFC and USB.
7 | Proceed with setting up your second factor method:
- Microsoft Authenticator: If you want to use Microsoft Authenticator:
- Other Authenticator app: If you want to use another authentication app, click "I want to use a different authenticator app", then select "Authenticator app" from the drop-down menu and follow the instructions that appear. Any authenticator app that is TOTP compliant will be valid to generate codes. Some well-known ones are Google Authenticator, Authy and Aegis.
- If you want to use a programmable TOTP token, click "I want to use a different authenticator app", then select "Authenticator app" from the drop-down menu and follow the instructions that appear.
8 | Continue the set-up:
- For example, Google Authenticator: Download the Google Authenticator app and open it; click the multicoloured "+" and select "Scan a QR code". The app will now ask for access to the phone's camera to scan the QR code displayed on the webpage.
- Hardware tokens will need to be set up; you use a helper application for that. In short, it works like this:
  1) set the token in "programming mode"
  2) bring the token close to your phone; the burner app will start
  3) select "add a profile", and scan the QR code with your phone
  4) burn the code into the token
  Due to the diversity of tokens, you may want to ask your IT department for assistance. A sample procedure for an NFC programmable token can be found here: https://www.token2.com/shop/page/hardware-tokens-for-azure-cloud-multi-factor-authentication
9 | To ensure the MFA was set up correctly, the system will ask the user to verify the authenticator with a verification code, which is displayed on the next page of the app. | |
| Once everything is complete, you should be brought back to the original home page, and it should show your email in the top right. When logging in after having set up the MFA, the user will be prompted to approve the login before access is granted, either by entering the code from your authenticator or by tapping the "Approve" pop-up in your application (when using Microsoft Authenticator). The Microsoft Authenticator app will show a notification like the one below - | |