
Configure Authentication Settings

The Authentication tab under Settings lets administrators set the organization's:

  • Web session timeout
  • MFA (multi-factor authentication)

Set web session timeout

Here, admins configure the session timeout for a single login to the Fordefi web console. The setting applies to all users in the organization. Once the timeout has elapsed since the start of the session, the user is automatically logged off.

When a user belongs to more than one organization, the shortest session timeout defined for that user, across all organizations, is effective.

  • The web console inactivity timeout is fixed at 24 hours. Even if you set the session timeout to be longer than 24 hours, for added security the user is still logged out after 24 hours of inactivity.
  • The web console timeout setting has no effect on the length of mobile sessions.

Here's how you set the web console timeout:

  1. In the web console, click Settings > Authentication.
  2. In the screen that is displayed, click Edit in the upper-right.
  3. In the field and list that open, specify the desired number of hours and minutes.
  4. Click Save.

Activate MFA

MFA is optional for an organization and is activated globally by an administrator for all users in the organization. When activated, users must set up MFA for their account on their next login.

As part of the activation, admins can choose whether to enable the option “remember this device for 30 days” for users. If not enabled, MFA is required on every login.

To activate MFA:

  1. In the web console, click Settings > Authentication.
  2. Click Turn on MFA. Confirm the activation in the notification that is displayed.
  3. If you so choose, toggle on Remember this device for 30 days.
  • The currently supported MFA method is TOTP (available through apps such as Google Authenticator or Yubico Authenticator).
  • For security reasons, once MFA is turned on for an organization, it cannot be turned off. To reset MFA, contact Fordefi support.

Activate Okta (SAML) SSO

You can easily add Fordefi to the applications in your organization that require authentication and authorization under Okta (SAML) SSO. Once integration is complete, users seeking to log in to Fordefi will be signed in seamlessly.

To enable this integration, please reach out to Fordefi Customer Service at support@fordefi.com. Provide us with the following information:

  • The client-id of your Okta application
  • The client-secret of your Okta application
  • Your Okta domain (in the format: my-domain.okta.com)
  • The domain(s) to be used for email redirection to Okta authentication

And let Fordefi do the rest!