- Knowledge Base
- Admin guide
- Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA)
Don't put your Bynder account at risk and make use of multi-factor authentication (MFA), which is also known as two-factor authentication (2FA). This is an extra security layer added to the login process of portals that do not make use of single sign-on (SSO). Users with MFA enabled need to enter an additional security code besides their regular email and password. This security code is generated by an authenticator app on another device. In most cases this would be your smartphone. All MFA apps that support TOTP (Time-based One-Time Passwords) can be used.
As an admin you can enable 2FA for all permission profiles or only for specific ones. Alternatively, you can allow users to enable it themselves for their profiles if they think it's needed.
Select your portal role below to get all the relevant information you need about multi-factor authentication
If your portal is not set up with single sign-on (SSO), we strongly advise to roll out multi-factor authentication portal-wide in order to secure the accounts of your users as much as possible.
Contact your Customer Success Manager, who can help you setting up multi-factor authentication for your portal. Once MFA is enabled, users can set up their MFA under their account settings.
(Optional) Enable 2FA for all or specific user profiles, so that users with these profiles are required to set up and use MFA. Read more about it here.
Go to
Settings > Users & rights > Permission Management to verify your permissions.
Select the user profile for which you want to enable 2FA.
In the Users and permissions section, select the permission Require MFA on login.
Click the Save button at the bottom of the page to save the changes.
Now, all users with that profile will have to set up 2FA the next time they try to log in.
Follow the instructions below to reset the MFA of a user.
Go to
Settings > Users & rights > User Management.
Search for the user who needs a MFA reset and click the account.
Click the Reset button in the Multi-Factor Authentication section. The user can now login again without having to use MFA.
Click the Save button.
Note
Only users with a permission profile that has the Require MFA on login permission enabled, will need to reconfigure their MFA upon their first login after the MFA reset. Users with a profile for which this permission is not enabled, will not be required to re-enroll for MFA. They can re-enroll manually though by going to their account page.
At what level do you want to disable MFA?
Multi-factor authentication can be disabled for the complete portal. This will have an impact on all users who set up MFA before, since they will no longer be able to use MFA.
Contact your Customer Success Manager, who can help you switching off MFA completely.
MFA can be disabled for a permission profile by following the steps below.
Note
Disabling MFA on a user profile level only makes sure that new users with this profile are no longer required to set up MFA upon their first login. However, MFA will not be deactivated for all users, who have this profile and already set up MFA before.
Go to
Settings > Users & rights > Permission Management.
Select the user profile for which you want to disable 2FA.
In the Users and permissions section, deselect the permission Require MFA on login.
Click the Save button to save the changes.
In order to disable MFA for a specific user, MFA needs to be temporarily disabled for the user profile of that user. Follow the instructions below.
Go to
Settings > Users & rights > User Management.
Search for the user whose MFA needs to be reset.
Click on the account and check the user profile.
Go to
Settings > Users & rights > Permission Management to verify your permissions.
Select the user profile for which MFA temporarily needs to be disabled.
In the Users and permissions section, deselect the permission Require MFA on login and click the Save button at the bottom of the page.
Go back to
Settings > Users & rights > User Management and open the account of the user again.
Click the Reset button in the Multi-Factor Authentication section. The status of the MFA will now turn to disabled.
Go back to
Settings > Users & rights > Permission Management.
Select the user profile for which MFA was switched off.
In the Users and permissions section, reselect the permission Require MFA on login and click the Save button at the bottom of the page to save the changes.
Make sure you have an authentication app installed on your smartphone. For example DuoSec App or Google Authenticator App. Any MFA app that supports TOTP (Time-based One-Time Passwords) can be used.
Make sure the time on your phone and computer is synced. Otherwise, the generated code might be faulty.
Log in to your portal.
Click your name in the (right) top corner of the screen and click Edit profile to go to your account settings.
In the Multi-Factor Authentication section, click Enable.
Note
If this section is not available MFA is not available for your account. Contact your portal administrator for more information.
Scan the QR code and enter the 6-digit code your app generates.
Click Enable. You will be redirected to your account page.
Click Save to finish the setup.
Next time you log in to your account, you will be asked to provide the authentication code to successfully log in to Bynder.
Select your situation below.
Follow the steps below to reset your MFA.
Log in to your portal.
Click your name in the (right) top corner of the screen and click Edit profile to go to your account settings.
In the Multi-Factor Authentication section, click Reset.
Scan the QR code and enter the 6-digit code your app generates.
Click Enable. You will be redirected to your account page.
Click Save to finish the setup.
If Multi-Factor Authentication is enabled and the device used for the second authentication factor is no longer accessible, logging in is no longer possible and you will not be able to reset your MFA yourself.
Contact your portal administrator when you no longer have access to your device used for MFA. The admin can help you resetting your MFA. Once your MFA is reset, you can bypass the additional authentication for one time. After your first login, you may be prompted with a screen to re-enroll a device for MFA before you can start using the portal again.
Reach out to your portal administrator(s). They can assist you in disabling MFA for your account.