View Source

Multi-Factor Authentication (MFA) is a method which is used to strengthen the security of a file, website, etc, and adds extra protection to the sign in process.

It is an authentication method which allows the user access to a website/application once the user has provided the two (or more) pieces of information to verify identity;
Valid authentication methods for WMDA services are passwords, authentication applications and hardware tokens.

This document is a guide to aid users to set up the required security verification methods to access the Search & Match Service.

Initial setup:

Step

Description

Image

1

Please go to this web page. You can also go to https://portal.wmda.info/ and click on:

"Login"

followed by

"Forgot your password?"

Search & Match Service > MFA user guide > image2022-10-20_16-39-48.png

Search & Match Service > MFA user guide > image2022-10-20_16-40-10.png

2

Follow the steps to verify your e-mail address and set up your initial password.

3

Enter a new password in the upper text box and confirm it in the lower text box

4

Please read the content and click "Accept" on the screen below.

5

Now, you will need to set up “Multi Factor Authentication”.

Click Next.

Search & Match Front end

6

Choose your MFA method. You may choose

using an authenticator app on your smartphone
using a hardware token

We recommend Microsoft Authenticator if it is available in your region and on your smartphone/device if you have one. Download (from your smartphone/device) and install it if you don’t already have it. It makes for the easiest MFA login experience.
Alternative MFA tools are Authy or Google Authenticator, and there may be other options in your region

(Please let us know so we can add them to our documentation!)

If you are not allowed to use a smartphone you may use
hardware tokens that supports TOTP.
Hardware tokens are devices that work independently from a PC or Phone.

We recommend only to use only certified tokens, eg . from https://token2.eu

Tokens should minimally support TOTP, this is a single use six digit code that is uniquely bound to your account and changes every 30 seconds.

Examples of hardware tokens :

Example use : Token2 Molto

This type of device is programmed once. Once programmed they provide the TOTP code without the use of a PC or mobile phone.

You can program these devices with either a mobile phone that has NFC, or via USB, depending on the model.

Some models allow to store keys for up to 10 different accounts.

There are tokens that need a mobile phone with NFC and an companion app to generate the TOTP code. WMDA does not recommend these tokens. Contact support@wmda.info if you have questions selecting the correct token for your situation.

Software token on desktop. There are various desktop applications available for Windows and MAC that provide TOTP tokens. These include:
1. Password managers such as Bitwarden, Lastpass and 1Password. In some cases you may need to have a paid subscription. Please check its documentation for instructions on how to set this up.
2. Standalone applications such as KeepassXC and Authy. Please check its documentation for instructions on how to set this up.
SMS is no longer a valid option as Microsoft will soon no longer allow this. Please see Security improvements SMS MFA users WMDA services

7

Proceed with setting up your second factor method:

If you want to use Microsoft authenticator :

Search & Match Service > MFA user guide > image2022-7-4_14-21-1.png

If you want to use another authentication app click the "I want to use a different authenticator app",

Search & Match Service > MFA user guide > image2022-7-4_14-21-58.png

and then select "Authenticator app" from the drop down menu and follow the proceeding instructions.

Any authenticator app that is TOTP compliant will be valid to generate codes. Some well known are Google Authenticator, Authy, Aegis

Search & Match Service > MFA user guide > Account-MFASetup10.png

If you want to use a programmable TOTP token, click the "I want to use a different authenticator app"

Search & Match Service > MFA user guide > image2022-7-4_14-21-58.png

and then select "Authenticator app" from the drop down menu and follow the proceeding instructions.

Search & Match Service > MFA user guide > Account-MFASetup10.png

If you want to use a software based TOTP token on your desktop, click the "I want to use a different authenticator app"

Search & Match Service > MFA user guide > image2022-7-4_14-21-58.png

and then click on "Next"

Search & Match Service > MFA user guide > image-2023-6-19_11-7-51.png

You will then see a QR code. If your software is able to scan it, then do that. If not, then click "Can't scan image?"

Search & Match Service > MFA user guide > image-2023-6-19_11-8-52.png

You are then able to see the account name and the secret key. Copy the secret key to your desktop application.

8

Continue set up:
There are a few more screens to work through, which will vary according to which MFA approach you use.

Open the Microsoft Authenticator app and follow the instructions given.

Firstly click the "+" symbol to add the account and choose the "Work or school account" option, then choose the "Scan QR code" option.

Search & Match Service > MFA user guide > IMG_3744.jpg

The app will then access your camera, allowing the user to scan the QR code displayed on the webpage on the computer (it is displayed once the user clicks "Next" on the webpage).

Search & Match Service > MFA user guide > IMG_3747.PNG

Now the authenticator has been set up, head back to the webpage on the computer for the final confirmation.

Example : Google Authenticator

Download the Google Authenticator app and open it up; click the multicoloured "+" and select "Scan a QR code".

The app will now ask for access to the phones camera to scan the QR code displayed on the webpage.

Hardware tokens will need to be set up, either using NFC or USB.

You need a helper application for that.

In short it works like this :

1) put the token in "programming mode"
2) approach the token to your phone, the burner app will start
3) select "add a profile" , and scan the QR code with your phone.
4) burn the code in the token

Due to the diversity of tokens you may want to ask assistance to your IT department.
A sample of a procedure of an NFC programmable token can be found here :
https://www.token2.com/shop/page/hardware-tokens-for-azure-cloud-multi-factor-authentication

Please contact us if you have problems setting up your token.

9

Check if the authenticator works

To ensure the MFA was set up correctly, the system will ask the user to verify the the authenticator with a verification code, which is displayed on the next page of the app.

Once all complete, you should be brought back to the original home page, and it should show your email in the top right.

10

Logging in

When logging in, after having set up the MFA, the user will be prompted to approve the login, either by entering the code from your authenticator, or tapping the "Approve" pop up in your application (when using Microsoft authenticator)

The Microsoft Authenticator app will show a notification like the one below -