What is Multi-Factor Authentication (MFA)?
MFA stands for "Multi-Factor Authentication." It is a security process in which a user is required to provide two or more different authentication factors to verify their identity when accessing a system, application, or online account. MFA is also sometimes referred to as Two-Factor Authentication (2FA).
MFA enhances security by adding an extra layer of protection. Even if someone knows your password (the first factor), they would still need access to your second factor (e.g., your smartphone or a code sent to your email address) to successfully log in, making it more difficult for unauthorized individuals to gain access to your accounts.
Why is MFA being made mandatory now?
We are taking a proactive approach to safeguard IoT ecosystem for our clients and use security best practices to enhanced accounts protection, prevent unauthorized access, protect sensitive data and meet regulatory security compliance
When is this happening?
We will begin enforcing MFA for small groups of customers in November 2023. By February 29 2024, mandatory email-based MFA will be required for all our clients.
Do I need to take any action now?
You don't need to take any immediate action. In the coming months, MFA will become mandatory for all users. Once it becomes mandatory for your organization, you will receive an email with a code when you log in.
How can we enable or disable TOTP MFA for a specific user?
Please visit our Documentation page and follow the steps.
Email based MFA cannot be disabled.
I am using my emnify credentials in OpenVPN or for API authentication. What do i need to do?
OpenVPN works with MFA enabled. No further steps are required
If you currently use emnify credentials for your API authentication, we highly recommend transitioning to the use of an application-token to enhance your security. Using credentials for API authentication will not be supported starting March 2024.
Which MFA methods are supported by emnify?
Emnify supports the following methods:
- Email-Based MFA (Default method): An email with a one-time code or a link to authenticate the user is sent to the user's registered email address.
- Time-Based One-Time Password (TOTP) MFA: Users generate one-time codes using an authenticator app (e.g., Google Authenticator, Authy) that refreshes the code every 30 seconds. The user enters the current code from the app during the login process.
What to do in case of MFA related issues?
If you are not receiving the MFA code via email, please check your spam folder, or for any restriction rules with your email provider.
For other MFA related issues please contact mfasupport@emnify.com.
Before contacting us, please read the following notes carefully:
-
- Any request not related to MFA issues will not be answered.
- The email address used to contact us must match the email address used in the emnify portal. We will not work on requests affecting different usernames
- Email-based MFA cannot be disabled.
- MFA related issues are verified by our team during German business hours. You or any administrator in your organization may be contacted by a member of emnify to verify your request.
Comments
4 comments
Hello ,
Does MFA affect us as a user to connect to our emnify portal or it is affect all SIM we use and devices in wich that SIM work, we use your SIM in GPS TRACKERS and it is not possible to physicaly aproach them because they are all over europe, so i am just interested wich end is affected by MFA ?
Me as one user to aproach my account (to se and manage all 300SIM) or every active SIM in remote devices?
Thanks
Hello,
I'm wondering about OpenVPN. When I manually enable MFA openvpn connections are not working anymore (there is also a warning about that in the emnify portal).
So when you enable the MFA, are you sure that OpenVPN will continue to work?
Thanks
Hi Dusan,
SIMs will not be affected. the MFA is only enforced when logging via username/password into the portal or to the API.
There's no need to change anything on the SIM cards
Hi Dirk,
OpenVPN will not be affected when you enable MFA in the portal because it is still using the old auth API.
If anything is still not clear, please do not hesitate to submit a support ticket using the link in the upper right corner (submit a request), and please provide a detailed description of the issue.
Please sign in to leave a comment.