Multi-Factor Authentication (MFA)

What is Multi-Factor Authentication (MFA)?
This additional security check requires users to verify their identity by providing multiple pieces of evidence before they can access a device or application. By using MFA, you can check whether the user is actually a validated user trying to gain access or whether it is a rogue user who has stolen login credentials. Using MFA, makes working with your IAMconnected account more secure. MFA is also called Two Factor Authentication (TFA)

What types of MFA does IAMconnected support?
IAMconnected supports login with:

  • An Authenticator App on your phone (smartphone) and
  • A security key.

A security key only works with modern browsers on a PC or laptop. Internet Explorer is not supported.
Browsers on phones have limited support.

How do I enable MFA?
To enable MFA, you must have a suitable authenticator installed on your smartphone (e.g. Google Authenticator) or have a suitable security key (e.g. a Yubikey).

Please note: You cannot disable MFA once you’ve turned it on. Neither can your global administrator or Portbase.

  1. Login to IAMconnected via www.iamconnected.eu
  2. Go to “Profile” and click on “extra verification (MFA)”
  3. Click on the button

You will be automatically logged out. Then you need to log in again and you will be guided through the process of configuring MFA.
You can indicate which type of MFA you want to use.

How do I log in with MFA?

  1. Login to www.IAMconnected.eu with your username and password.
  2. You will then be asked to
    a. Either enter the number code of the authenticator app
    b. Or press the button on your security key (which is in your computer).

In some cases, Microsoft requires the security key to be protected by a PIN code.
In this case, you must first enter the security code before you can use the security key.

How can I reset my MFA, in cases like when I have lost my phone or security key?
Your global administrator can reset your MFA. If you are the global administrator, you can contact the support desk at Portbase.

How do I enable MFA for my organization?
A global administrator may enable MFA for the entire organization. As a result, all users have to set up MFA when they log in. It is important that:

  • Users have a phone with an authenticator app or a security key
  • Users are informed about how to configure and use MFA

Warning: it is not possible to reverse this procedure. So there is no turning back!
To enable MFA do as follows:

  • Login to IAMconnected.eu
  • Go to Organization Management
  • Click on the organization for which you want to enable MFA
  • Click on “Enable Periodic Validation”. This will send you a periodic reminder to validate the users of your organisation
  • Click on “Enable MFA”

When using security keys, we recommend the following:

  • Have some unconfigured keys available for users who have lost or forgotten their key.
  • Activate two keys for the account of the global administrator and keep one as a standby, e.g. in a safe.

Frequently Asked Questions

Can you disable MFA as a user?

You cannot

Can you disable MFA as an organization?

You cannot

Who can reset MFA?

For a User (not a Super User): Super User / User Administrator

For a Global Administrator: Service Desk of Portbase

What does MFA reset mean?

Your MFA settings will be deleted. After logging in again, you need to reconfigure MFA.

Does Portbase supply security keys?

No (to be purchase by companies)

Can I set up multiple security keys or use both a security key and an authenticator app

Yes, you can.

Can I use a security key with NFC on my iphone as well?

Not yet, but possibly in the future.
There are also security keys with a lightning (iPhone) connector; Portbase has not tested these.

Which browsers support Yubikey?

Which browsers support Feitian

No information available; probably the same browsers that support Yubikey.

Which authenticator applications are supported?

You can use any application that supports the TOTP protocol.
If you already use an authenticator app, you can configure IAMconnected as an additional account.
Some authenticators are:

  • Google Authenticator
  • Microsoft Authenticator
  • DUO Mobile
  • Auhty
  • Lastpass

In their guidance, instructions and support, IAMconnected has chosen the (widely used) Google Authenticator.

Which security keys are supported?

The security key must support FIDO2.
Portbase has tested the following security keys:

Price indications are from November 2021 and are meant to indicate in particular the price difference.

Was this post helpful?