Setting up multi-factor authentication in PANTHEON 

Multi-factor authentication (MFA) or Two-factor authentication (2FA) is an electronic authentication method in which a user is granted access to PANTHEON only after successfully presenting more pieces of evidence (or factors) to an authentication mechanism.

Warning Tokens can be sent to users only if eMessaging service is activated and a sufficient quantity of messages is available in the package. You can order eMessaging service on our User Site. Additional information about the service can be found on the Datalab website.

Hint To see a use case on how to log in to PANTHEON using MFA, read the chapter Logging into PANTHEON using multi-factor authentication.

In this chapter, we will present a use case on how to successfully set up MFA in PANTHEON.

Case summary The administrator wants to set a Multi-factor authentication for all users in PANTHEON. They must enable MFA in Administration panel and set user's contact infromartion. They do this by following these steps. Setting up phone number for MFA token Enabling MFA

1. Setting up phone number for MFA Token

The person responisble starts setting up MFA by adding user's phone numbers.

They open the Subjects register by selecting Subjects | Subjects from the menu and find their company, in our case Tecta Plc.

Hint You can access user's contact info by double-clicking on the Contact/Clerk field of a user in Users and Groups | Users | User panel in Administration panel.

In the Contacts section, they click on a user and enter the contact infromation.

• In the column Type, they select MFA SMS Authentication.
• In the column Phone / E-Mail / URL, they enter the user's phone number.

Warning If the MFA is enabled and the user does not have a phone number set up, then the login for that user will not be possible.

They continue to enable MFA in PANTHEON.

2. Enabling MFA

They open the Administration panel by selecting  Settings | Program | Administration Panel from the menu. They open Settings | Company panel.

They enable the MFA by setting the vaildity of MFA Token in the MFA Token valid hours field. In our case they set validity to one (1) hour.

Next they set the length of the token, in our case 4, in the Token lenght field.

Hint The default value in MFA Token valid hours field is -1, which means that MFA is disabled. To enable it enter the number greater than 0. For more information, see chapter General.

To prevent users from locking themselves out from PANTHEON, the program ask for MFA token when user is trying to set up MFA.

Hint For use case on how to request and enter MFA token, see chapter Logging into PANTHEON using multi-factor authentication.

After succesful authentication with MFA token, the MFA authentiaction in PANTHEON is set.