Additional safety
Portbase will look after the security of your data. It is more important than ever to increase the security of logging in, including PCS. Therefore, logging in via Multi-Factor Authentication (MFA) will be the standard. This allows you to work even more safely in a IAMconnected account.
MFA is also called Two-Factor Authentication (TFA) and it functions as an additional security check. Users must verify their identity before being granted access. This is to check whether the user trying to access is actually a validated user or a fraudulent user.
The benefits of MFA:
- Users can log in more securely.
- Your data in the PCS and other connected services are better protected.
- The security of the PCS is increased.
Steps to greater security
Secure login with MFA
Logging into the PCS via Multi-Factor Authentication (MFA) will be the standard. That means you and/or your users can log in even more securely in IAMconnected account. Login is possible via:
- The Google Authenticator Application (on your smartphone)
- Other Authenticator Application, like Microsoft Authenticator, on your smartphone
- A security key that you receive from your organization (for users without a smartphone)
Steps for the main administrator
When connecting new users, it is helpful to give users a brief explanation of MFA. Please indicate which MFA option your organization uses by default. The videos on the right provide further instruction to the user for configuring MFA. If you have chosen a security key you need to issue it to your user.
As the Top-Level Administrator (and as a user administrator), you can reset MFA if your user has lost their phone or security key or left them at home. After the reset and after logging in, the user must reconfigure MFA. They can use a colleague’s phone for this purpose or you can issue a (temporary) security key.
If a user has a new phone then they can configure MFA themselves as follows:
- Log in to IAMconnected by using MFA on the old phone
- Go to profile and click “Reset MFA”
- Log in again.
- Configure MFA on the new phone
Steps for the user
How do I log in with MFA?
Once you have enabled MFA the first time, you will always log in this way from now on. This is done in the following way:
- Log in at www.iamconnected.euwith your username and password.
- Enter the number code from the Authenticator App or press the button on your security key (in your computer).
In some cases, Microsoft requires you to secure the security key with a PIN. In this case, you must first enter the PIN before you can use the security key.
How can I reset my MFA?
- Log in from a desktop (not your smartphone) to iamconnected.eu
- Go to ‘Profile’ and click ‘Reset’
- You will be automatically logged out.
- Log back in. You will be guided through the steps in configuring MFA. In this process, you can specify which form of MFA you want to use.
If you do not have access to your MFA (for example, because you lost your phone), please contact your main administrator, the person who can reset MFA for you.
Frequently asked questions
General
How do I configure MFA?
In order to configure MFA, you must have MFA enabled. You can configure MFA as follows:
- Log in to IAMconnected.
- If MFA is enabled but not yet configured, you will see the ‘Set up Multi-Factor Authentication’ screen.
- Click on Google Authenticator and select the type of phone you have. If you don’t have Google Authenticator on your phone yet, click on the download link and install it on your phone.
- Open the Google Authenticator app.
- In the app, press ‘+’, then ‘scan QR code’ and scan the QR code on your computer screen.
- A 6-digit code will appear on your smartphone. Enter the 6-digit code on your computer.
- Click ‘finish’.
If you have received a security key from your organisation or you want to log in with your mobile phone or with Windows Hello, check out the information on security keys in the frequently asked questions.
How to configure MFA on my new phone ?
- Log in to IAMconnected by using MFA on the old phone
- Go to profile and click “Reset MFA”
- Log in again.
- Configure MFA on the new phone
How do I reset MFA?
Resetting MFA means you can reconfigure MFA. This applies in the following situations:
- You have a new phone.
- You have lost (or forgotten) your phone and/or security key.
- You want to configure a different method of MFA.
Who can reset MFA?
- If you still have access to your account as a user, you can reset your account yourself (for example, if you have a new phone).
- If you no longer have access to your account, your organisation’s administrator can reset MFA for you.
- If you are the Main Administrator, please contact Portbase Customer Service.
How do I reset MFA as a user?
1. Log in to www.iamconnected.eu via a desktop (not your smartphone)
2. Go to ‘Profile’ and click on ‘Reset’
3. You will be automatically logged out.
4. Log back in. You will be guided through the process of configuring MFA. In this process, you can specify which form of MFA you want to use.
How do I reset MFA for my user?
As the main administrator, you can reset MFA for a user as follows:
- Find the employee in question via ‘User Management’ > Employees.
- Click to open the details of the employee you want to disconnect from the organisation.
- Select the ‘Reset MFA’ option.
How do I disable MFA?
This is not possible for security reasons.
How do I configure MFA on my mobile without a computer?
Setting up MFA is easy if your log into IAMconnected from a computer. If you are logging into IAMconnected from your mobile, setting up is a lot trickier. We therefore recommend setting up IAMconnected from a computer. Want to set up MFA and don’t have a computer? There are two ways to configure MFA on your mobile:
- Your mobile as a Security Key (for iPhones with Face ID/Touch ID or modern Android devices). This is the easiest way to configure/use MFA.
- Configure Google Authenticator on your mobile. This is a more complex method of one-time MFA configuration and is more complicated to use. It is described in the frequently asked questions under authenticator apps.
Configuring MFA with your mobile as the Security Key
For this you will need an iPhone with Apple Face ID/Touch ID or a modern Android phone.
- In the ‘Set Up Multi-Factor Authentication’ screen, click ‘Set Up Security Key’
- Click ‘Register’.
- You will then be asked ‘Do you want to allow …?’ Click on ‘Continue’. If you have an iPhone, use Face ID/Touch ID. If you have an Android phone, click on ‘Use this device with screen lock’.
- This completes configuration and allows you to set an additional optional factor, which is useful if you also want to be able to log into IAMconnected from another computer.
Authenticator apps
Which authenticator applications are supported?
You can use any application that supports the TOTP protocol.
If you are already using an authenticator app, you can configure IAMconnected as an additional account.
Examples of authenticator apps are:
- Google Authenticator
- Microsoft Authenticator
- DUO Mobile
- Authy
- LastPass Authenticator
In terms of guidance, explanation and support, IAMconnected has chosen the (widely used) Google Authenticator.
Setting up MFA for Microsoft Authenticator
It is possible to set up MFA on another authenticator app, such as Microsoft Authenticator. This is particularly useful if your organisation is already using Microsoft Authenticator.
The following Microsoft page shows you how this works (Add non-Microsoft accounts to the Microsoft Authenticator App)
For IAMconnected, this works as follows:
- In the ‘Set Up Multi-Factor Authentication’ screen, click on ‘Google Authenticator’.
- In the ‘Set Up Google Authenticator’ screen, click on ‘iPhone’.
- Click on ‘next’ (and ignore the prompt to download Google Authenticator). You will now see a QR code.
- Open the Microsoft Authenticator app. Click on ‘Add Account’. Click on ‘Other’ (Google, Facebook, etc.).
- Use your phone’s camera to scan the QR code.
- Check the information about the account that has been added on your mobile.
- On the IAMconnected page, under the QR code, click on ‘next’.
- On the IAMconnected page, enter the 6-digit code shown on your phone and click ‘verify’ and then ‘complete’.
- MFA is now enabled.
When logging in, you must first provide your username and password. The ‘Enter code’ screen will then appear. Enter the numerical code shown in Microsoft Authenticator app.
Configuring MFA with your mobile (using Google Authenticator)
If you do not have a computer at your disposal to configure MFA, you can complete the following steps on your mobile:
- Install ‘Google Authenticator’ on your mobile.
- In the ‘Set Up Multi-Factor Authentication’ screen, click on ‘Google Authenticator’.
- In the ‘Set Up Google Authenticator’ screen, click on ‘iPhone’.
- Click on ‘next’; you will now see a QR code.
- Click on ‘scanning not possible’. You will now see a Secret Key.
- Open the Google Authenticator app on your mobile. Click on the plus sign. Click on ‘Enter setup key’.
- Under ‘Account’, enter ‘IAMconnected’.
- Under ‘Key’, enter the Secret Key. You cannot copy and paste it; you must retype it. Then click on ‘next’.
- Check the information about the account that has been added on your mobile.
- On the IAMconnected page, enter the 6-digit code shown on your phone and click ‘verify’ and then ‘complete’.
- MFA is now enabled.
When logging in, you must first provide your username and password. The ‘Enter code’ will then appear. Enter the numerical code shown in the Google Authenticator app; you can also copy and paste it on your mobile.
Google Authenticator codes do not work
The time is not synchronised correctly for Google Authenticator. How do you solve this?
Android phones:
- Go to the main menu in the Google Authenticator app.
- Tap More (three dots) > Settings.
- Tap Time correction for codes.
- Tap Sync now.
- On the next screen, the app confirms that the time has been synchronised.
You should now be able to use your verification codes to log in.
iPhones:
- Go to iPhone Settings
- Select General
- Select Date & Time
- The Set automatically option must be enabled
- Restart your iPhone (optional)
You should now be able to use your verification codes to log in.
Security keys
How do I configure MFA with a security key?
In order to configure MFA, you must have MFA enabled. You can configure MFA with a Security Key as follows:
- Log in to IAMconnected.
- If MFA is enabled but not yet configured, you will see the ‘Set up Multi-Factor Authentication’ screen.
- Click on “Set up” under “Security Key”.
- Click on “Enroll”.
- Click the Security Key in the computer. Enter a pin if requested.
- Place your finger on the Security Key.
- Confirm in your browser. A green checkmark is displayed after “Security Key”.
- Optional: You can also configure an additional Security Key or also configure Google Authenticator. We strongly advice to configure at least one additional item.
- Click on “Finish”. Your account is now secured with MFA.
Does Portbase supply security keys?
Security keys cannot be ordered through Portbase; you will need to order them from a supplier yourself.
Which security keys are supported?
The security key must support FIDO2. Portbase has tested the following security keys:
- YubiKey Security Key NFC –
https://www.yubico.com/nl/product/security-key-nfc-by-yubico/(price approximately €25 excluding VAT) - Yubikey 5 NFC –
https://www.yubico.com/nl/product/yubikey-5-nfc/(price approximately €45 excluding VAT) - Feitian ePass FIDO2 A4B –
https://www.ftsafe.com/products/FIDO/Single_Button_FIDO(price approximately €16.50 excluding VAT)
The prices stated are valid from November 2021 and are indicative – they are primarily intended to give you an idea of the price difference.
There are various suppliers of suitable security keys. You can choose your own supplier. Some examples of suppliers:
virtualsecurity.com
Kommago.nl
Authenticationkey.nl
Globe.com
Amazon.com
Can I set up multiple security keys or use both a security key and an authenticator app?
Yes, you can.
How do I use Windows Hello as a security key?
If you have Windows Hello enabled on your computer, you can use it to log in to IAMconnected. You configure it as follows:
- In the ‘Set Up Multi-Factor Authentication’ screen, click on ‘Set Up Security Key’.
- Click ‘Register’.
- You will then be asked ‘Set up Windows Hello … to sign in?’ Enter your Windows Hello PIN.
- This completes configuration and allows you to set the additional optional factor. We recommend doing so, so that you can also log into IAMconnected from other computers.
Which browsers are supported?
All modern browsers are supported. Safari is supported from version 14. Internet Explorer is not supported.
Do security keys support thin clients?
That depends on the network protocol being used. Microsoft’s remote desktop protocol (RDP) does not support security keys. We do not yet have sufficient information about other protocols.
Additional tips for Top-Level Administrators
- Keeping a number of unconfigured keys in stock for users who have lost or forgotten their keys.
- Activating two keys for the account of the main administrator and putting one in a safe, for example, as a back-up.