Multi-factor authentication (MFA) adds another layer of security when accessing Resolver using a password. MFA is managed in the Resolver API (Swagger) and Admins can complete the following:
- Enforce MFA for an Org. The next time users log in to the Org, the MFA set-up page will be displayed.
- Opt out an individual user from an enforced MFA Org.
- Reset the MFA profile for a user.
Individual security-conscious users who authenticate with a username and password can also opt in to MFA.
MFA should only be enforced in Production environments.
Enforcing Multi-Factor Authentication on an Org
Admins can enforce multi-factor authentication (MFA) on their Org, which prompts all active users to set up MFA at their next login. If there are multiple orgs in your Production environment, MFA will be enforced on all of them.
To enforce multi-factor authentication:
- Click the icon in the top bar > Swagger Docs in the Tools section.
- Click on any of the topics to open the API in a new browser tab.
- Click org to expand the list and click Put /user/org/mfa to open the parameters.
- Click on the Example Value to load the call into the body.
- Click Try it out!
- The 204 Response Code indicates the update was successful.
Reset Multi-Factor Authentication
If a user loses access to their authenticator app (e.g. their mobile phone is lost) or accidentally overwrites the account credentials (i.e. adds an account for a sandbox environment), an admin can reset MFA for the end user.
To reset MFA for a user:
- Click the icon in the top bar > Swagger Docs in the Tools section.
- Click on any of the topics to open the API in a new browser tab.
- Click user to expand the list and click Put /user/users/mfa/reset to open the parameters.
- Click on the Example Value to load the call into the body.
- In the body section, replace the value 0 with the user id. To learn how to retrieve a user id, click here.
- Click Try it out!
- The 204 Response Code indicates the update was successful.
Opt-Out Multi-Factor Authentication for a Specific User
If a user has MFA set up but needs to access a specific org without MFA, an admin can disable MFA.
To opt out an end user from MFA:
- Click the icon in the top bar > Swagger Docs in the Tools section.
- Click on any of the topics to open the API in a new browser tab.
- Click user to expand the list and click Put /user/users/{id}/membership to open the parameters.
- Click on the Example Value to load the call into the body.
- Delete all additional entries and commas from the body, leaving only "mfaOptOut": true
- Enter the user id in the id field. To learn how to retrieve a user id, click here.
- To turn MFA on for a specific user, set the mfaOptOut value to false.
- To turn MFA off for a specific user, set the mfaOptOut value to true.
- Click Try it out!
- The 204 Response Code indicates the update was successful.
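The opt-out call above can also be scripted. The following is an added example, not Resolver's own code: it builds the Put /user/users/{id}/membership request with a body containing only mfaOptOut and treats only the 204 response as success. The base URL, the bearer-token Authorization header and the function names are assumptions to replace with the values for your environment.

```python
import json
import urllib.request

# Assumptions (not from the page): the API base URL and the bearer-token
# Authorization header are placeholders for your environment.
API_BASE = "https://resolver.example.invalid"  # hypothetical placeholder


def build_mfa_opt_out_request(user_id, opt_out, token, base=API_BASE):
    """Build the PUT /user/users/{id}/membership call with only mfaOptOut set."""
    # Reject bools posing as ints and anything non-numeric, so the id
    # cannot alter the request path.
    if isinstance(user_id, bool) or not isinstance(user_id, int) or user_id <= 0:
        raise ValueError("user id must be a positive integer")
    # The value must be a real boolean: the string "False" is truthy in
    # Python and is not a JSON boolean.
    if not isinstance(opt_out, bool):
        raise TypeError("mfaOptOut must be true or false, not %r" % (opt_out,))
    # Send only this one field, as the procedure requires, so the other
    # Example Value entries are not submitted.
    body = json.dumps({"mfaOptOut": opt_out}).encode("utf-8")
    return urllib.request.Request(
        url="%s/user/users/%d/membership" % (base.rstrip("/"), user_id),
        data=body,
        method="PUT",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + token,  # assumed auth scheme
        },
    )


def apply_mfa_opt_out(user_id, opt_out, token, base=API_BASE):
    """Send the call; only the documented 204 counts as success."""
    req = build_mfa_opt_out_request(user_id, opt_out, token, base)
    with urllib.request.urlopen(req, timeout=10) as resp:
        if resp.status != 204:
            raise RuntimeError("unexpected response code %d" % resp.status)
    return True
```

Because an opt-out removes the second factor for that user, keep a record of who was opted out and why, and call the function again with False once the exception is no longer needed.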