Increase security by allowing employees to choose their multi-factor authentication, either security questions or Google Authenticator. This MFA works with your employees’ current authentication to help ensure the person is who they say they are.
Important Information
This only applies if you’ve moved to the latest ASSP.
With this setup, you’ll give your employees the choice of using Google Authenticator or security questions for their MFA. This is the best option if some people in your workforce don’t have smartphones and need to access Avanti on the go.
Since security questions have proven to be a less effective security solution, employees will be prompted to use their Google Authenticator if it’s set up.
Want to learn more about MFA before getting started? Check out the Multi-Factor Authentication Overview for more information.
Before setting up MFA, you’ll need to make a couple of decisions.
Decide when employees should use MFA to confirm their identity. You can have them use it when:
Signing into the Avanti Desktop, ASSP, and Avanti Go.
Changing their security options in ASSP.
Changing their password on ASSP.
Set how many questions employees must create and how many they must answer.
Determine whether you’d like employees to create their own questions.
Determine whether you’d like to create the question and what the questions will be.
Decide how often users need to use MFA when signing in on their last device and a different device.
How to Set up MFA
Step 1: Open Avanti Self-Service Portal Security Settings in the Avanti Desktop and select the Multi-Factor Settings tab.
By default, this can be found in Web Services >> Installation and Maintenance.
Step 2: Select Enable Multi-Factor Authentication.
Step 3: Choose when you’d like employees to use MFA to confirm their identity.
Multi-Factor Required to Login: Select for employees to use MFA when signing into ASSP, the Avanti Desktop, and Avanti Go.
Multi-Factor Required to Change Security Options: Select for employees to use MFA before changing their ASSP settings.
Multi-Factor Required to Reset Password: Select for employees to use MFA before changing their password on ASSP.
Step 4: On the Multi-Factor Persistence tab, select Enable Multi-Factor Authentication Persistence if your employees don’t need to use MFA for a while after authenticating.
Want your employees to use MFA each time they sign into Avanti? Skip to the How to Setup the Authenticator App and Security Questions section below.
Additional Information
We recognize employees using the same browser on the same computer who haven’t cleared their cookies.
Step 5: In Days Before Multi-Factor Required, enter the number of days before employees need to use MFA again when signing into ASSP.
Additional Information
We recognize the employee across all their devices after their first login on the device.
For example, if you set this to seven days, and a new employee uses MFA to log into ASSP on their laptop Thursday and on their phone Monday. In this case, they won’t use MFA again on either device until the following Monday.
Step 6: In Days Before Persistence Expires, enter the number of days before employees need to use MFA to sign into ASSP after they last used it on that device.
Great! You’re now ready to set up the type of MFA employees use.
How to Setup the Authenticator App and Security Questions
Step 1: On the Multi-Factor Settings tab, select Require One or the Other.
Step 2: In Authenticator Threshold, enter the allowed time difference in minutes between the phone with Google Authenticator and the Web Server.
Additional Information
While most people opt to use the carrier time on their phone, the threshold provides a buffer in case their phone is a few minutes off. We recommend setting the Authenticator Threshold to 5. The larger this threshold is, the less secure it is.
There’s no need to worry about your employee’s time zones; we adjust for that.
Step 3: On the Secret Questions tab, enter the number of questions employees must set up in Minimum Number of Secret Questions.
Step 4: Enter how many questions employees must answer in Number of Questions Asked.
Additional Information
This must be less than the Minimum Number of Security Questions.
Step 5: Select Allow Custom Secret Questions to allow employees to set up their own security questions.
Step 6: Decide whether you’d like to create a list of security questions for your employees to answer.
Additional Information
If you don’t select Allow Custom Secret Questions, you need to create a list of questions for your employees.
If you’re creating security questions for your employees to answer, go to How to Create a List of Security Questions.
Step 7: Select OK to save your changes.
Great! You’re all done. Next time your employees sign in, we’ll guide them through creating their questions.
Additional Information
Are you using Microsoft Single Sign-On with Azure’s MFA to authenticate some of your employees? Prevent these employees from having to enter their MFA info twice by disabling Avanti’s MFA for them. Go to Disable Avanti MFA When Using Microsoft Sign-On for more information.
How to Create a List of Security Questions
Make security questions easier for your employees to create by including a list of questions for them to choose from.
Additional Information
If you didn’t select Allow Custom Secret Questions, you need to create a list of questions for your employees.
Step 1: Select Insert.
Step 2: Enter the English version in Question and the French version in French Question.
Step 3: Select when the question appears in Sort Order, then select OK.
Step 4: Repeat Steps 1 to 3 for each question you’d like available for employee selection.
Step 5: Select OK to save your changes.
Well done! The next time your employees sign in, we’ll guide them through setting up security questions.
Are you using Microsoft Single Sign-On with Azure’s MFA to authenticate some of your employees? Prevent these employees from having to enter their MFA info twice by disabling Avanti’s MFA for them. Go to Disable Avanti MFA When Using Microsoft Sign-On for more information.