Multi-Factor Authentication (MFA)
Multi-factor authentication provides additional account security by prompting users to enter an additional code when logging in to ICA.
The code is generated automatically by the users authenticator device, typically an app on their smartphone, and changes frequently.
Logins to the Patriot smartphone app (Plink) do not currently support MFA.
Enable Multi-Factor Authentication
Login to ICA and open the user's account menu in the top right.
Select Enable MFA to open the Enable Multi-Factor Authentication modal.
Using an authenticator app. (Any will do, below are links to the Google Authenticator app)
Use an authenticator app to scan the QR Code that is displayed.
Once the app has scanned the QR Code it will provide the user with a code that changes every 30 seconds, enter this code into the Authentication Code field and click Save.
That account is now registered for Multi-Factor Authentication.
Log in with Multi-Factor Authentication enabled
When a user logs in with Multi-Factor Authentication enabled they will be prompted for an authentication code.
The user must enter the current code from their authenticator app.
Mandatory Multi-Factor Authentication
Mandatory multi-factor authentication can be enabled for specific Security Groups. Any user or operator in the security group will be required to enable multi-factor when logging in to ICA.
Disable Multi-Factor Authentication
This option is not available if mandatory multi-factor is enabled for the user.
Login to ICA and open the user's account menu in the top right.
Select Disable MFA to open the Disable Multi-Factor Authentication modal.
Enter the current code that appears in the user's Authentication app and click save.
Disable Multi-Factor Authentication as an operator
This requires an operator with privileges to edit operators.
Disabling Multi-Factor Authentication for operators
Login to Patriot, then navigate to the operator menu.
Select the operator that needs Multi-Factor Authentication turned off.
Select the Disable Multi-Factor Auth button.
If the operator has mandatory multi-factor authentication, they will be prompted to re-enable this on next login.
Disabling Multi-Factor Authentication for users
Open the user's User Details page in either the Users tab of a client or under User Maintenance.
In the Remote Access tab select the Disable Multi-Factor Auth button.
If the user has mandatory multi-factor authentication, they will be prompted to re-enable this on next login.
