Enhance Account Security with Multi-Factor Authentication (MFA) in Alooba

At Alooba, we prioritize the security of your accounts and data. To provide an extra layer of protection, we offer Multi-Factor Authentication (MFA) to help prevent unauthorized access. This article will guide you through the setup and authentication process using MFA, ensuring you have the knowledge to enhance your account security.


What is MFA?

Multi-Factor Authentication (MFA) is a security feature that adds an extra layer of protection to user accounts, requiring more than just a password to access your accounts. Alooba's implementation of MFA requires users to verify they are in possession of the user's phone by sending an SMS with a one-time password (OTP) during the login process. This ensures that even if a user's password is compromised, only the authorized individual can access their account. These multiple factors of authentication are: something the user knows (password) and something the user has (their mobile phone). By requiring multiple forms of identification, MFA significantly reduces the risk of unauthorized access and strengthens overall account security.


Benefits of Enabling MFA for Login

Enabling MFA offers several key benefits that significantly enhance the security of user accounts. First and foremost, MFA provides an additional layer of defense against cyber threats, such as password breaches and phishing attacks. Even if an unauthorized individual obtains a user's login credentials, they will still be unable to access the account without the unique OTP sent to the user's phone through SMS. This effectively prevents unauthorized access and protects sensitive data from potential breaches.


Enabling MFA also aligns with best practices in data security and regulatory compliance. Organizations that prioritize account security by implementing MFA demonstrate their commitment to safeguarding user data and adhering to industry standards. By taking proactive measures to protect user accounts, businesses can build trust with their customers and stakeholders and mitigate the risk of data breaches and unauthorized access. Overall, enabling MFA for login is a powerful step towards reinforcing the security posture of any organization using Alooba's assessment platform.


How to Enable MFA for Users

  1. Access User Management: Log in to your Alooba account as an Owner or Admin. On the left side navigation pane, under the Organization section, click on Users. This will redirect you to the Manage Users page.
  2. Ensure the User Has a Phone Number Defined: If the user doesn't have a phone number set in Alooba, you can edit their user details to add one.

  3. Enable MFA: Once the user account has a phone number, the MFA option can be toggled on directly in the users table. This will prompt the system to send a security code to the user's phone via SMS when they attempt to log in.

    MFA toggle on the users list

How to Disable MFA for a User

To disable MFA, simply click the MFA toggle within the user list again. This will remove the MFA requirement for the user during login.


User Experience with MFA Enabled

When MFA is enabled, the user will have an extra step during the login process. After entering their email and password, an SMS will be sent to their phone number with a one-time password (OTP), and they will be prompted to input it to finalize their login. Once the OTP is entered, the user will be logged in as usual.

Upon login, the user will be prompted to enter an OTP received via SMS from the system.

MFA and Single Sign-On (SSO)

Please note that MFA can only be enabled for users on accounts that do not use Single Sign-On (SSO). If your organization uses SSO, MFA should be configured within your SSO provider.

For more information on SSO, please consult our Manage Users with SSO article.


Troubleshooting

Navigating the MFA feature can sometimes present challenges. Here's a guide to address some common issues:

  • Not Prompted for Security Code:

    If you're not prompted to enter the security code during login, ensure your account has MFA enabled and a phone number set. If you're still facing issues, contact an Alooba user with admin access for verification. Remember, if your organization uses SSO, MFA should be handled by your SSO provider.

  • Not Receiving the SMS Security Code:

    If the SMS with the security code doesn't arrive, first check that you have mobile phone reception, you may have to be patient for the SMS to arrive as some telecommunication networks are slower than others. If you are still not receiving the SMS with the OTP you should verify with a user with Admin access to Alooba that your phone number in Alooba is correct. If the problem persists, contact Alooba Support for assistance.

  • Unable to Access Phone for MFA Login:

    If you can't access your phone when trying to log in with MFA, reach out to an Alooba user with admin access. They can temporarily disable MFA for your account. Ensure you re-enable it once you have access to your phone again.

  • Changed Phone Number or Lost Access:

    If you've changed your phone number or can't access your old one, contact an Alooba user with admin access. They can update the phone number associated with your account.

Encountering issues not listed here? Don't hesitate to reach out to Alooba Support. We're here to help ensure your MFA experience is seamless.


Conclusion

Enabling Multi-Factor Authentication (MFA) in Alooba is a proactive step toward enhancing the security of your accounts and data. By following the steps outlined in this article, you can ensure that your users have an added layer of protection during the login process. If you encounter any issues or require assistance, feel free to reach out to Alooba Support, and we'll be glad to help.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles