Multi-Factor Authentication Overview

Multi-factor authentication (MFA) adds another layer of security when accessing Resolver using a password. MFA is managed in the Resolver API (Swagger), where Admins can complete the following:

  • Enforce MFA for an Org. The next time users log in to the Org, the MFA set-up page will be displayed.
  • Opt out an individual user from an enforced MFA Org.
  • Reset the MFA profile for a user.

Individual security-conscious users who authenticate with a username and password can also opt in to MFA.

MFA should only be enforced in Production environments.


Enforcing Multi-Factor Authentication on an Org 

Admins can enforce multi-factor authentication (MFA) on their Org, which prompts all active users to use MFA upon their next login. If there are multiple orgs in your Production environment, MFA will be enforced on all of them.

To enforce multi-factor authentication:

  1. Click the icon in the top bar > Swagger Docs in the Tools section.

  2. Click on any of the topics to open the API in a new browser tab.
  3. Click org to expand the list and click Put /user/org/mfa to open the parameters.

  4. Click on the Example Value to load the call into the body. 

  5. Click Try it out!

  6. The 204 Response Code indicates the update was successful. 



Reset Multi-Factor Authentication

If a user loses access to their authenticator app (e.g. their mobile phone is lost) or accidentally overwrites the account credentials (i.e. adds an account for a sandbox environment), an admin can reset MFA for the end user.

To reset MFA for a user:

  1. Click the icon in the top bar > Swagger Docs in the Tools section.
  2. Click on any of the topics to open the API in a new browser tab.
  3. Click user to expand the list and click Put /user/users/mfa/reset to open the parameters.
  4. Click on the Example Value to load the call into the body.
  5. In the body section, replace the value 0 with the user id. To learn how to retrieve a user id, click here.
  6. Click Try it out!
  7. The 204 Response Code indicates the update was successful.



Opt-Out Multi-Factor Authentication for a Specific User

If a user has MFA set up but needs to access a specific org without MFA, an admin can disable MFA.

To opt out an end user from MFA:

  1. Click the icon in the top bar > Swagger Docs in the Tools section.
  2. Click on any of the topics to open the API in a new browser tab.
  3. Click user to expand the list and click Put /user/users/{id}/membership to open the parameters.
  4. Click on the Example Value to load the call into the body.
  5. Delete all other fields and their commas from the body, leaving only "mfaOptOut": true.
  6. Enter the user id in the id field. To learn how to retrieve a user id, click here.
    • To turn MFA on for a specific user, set the mfaOptOut value to false.
    • To turn MFA off for a specific user, set the mfaOptOut value to true.
  7. Click Try it out! 
  8. The 204 Response Code indicates the update was successful.