Configure Multi-Factor Authentication (MFA) Settings

 

PDQ's new identity/auth service is scheduled to go live on October 7th. This documentation is posted in advance of this release for planning purposes, and while we do not expect any major changes, it is not yet final.

Overview

Multi-Factor Authentication (MFA) is a security system that requires a second form of authentication to confirm a user’s identity before granting access. MFA is required by default. 

 

PDQ account owners and administrators can allow their users to choose their preferred MFA option from the three options below, or they can enforce a single option across their entire organization.



PDQ Auth currently supports three forms of MFA:

  1. Authenticator Apps
    Authenticator apps are third party applications used as a form of Multi-factor Authentication (2FA). Once linked to your account, after entering your password during login you will be prompted for a temporary, time-based one-time password (TOTP), which only remains valid for a brief period of time - typically 30 seconds. This code is required as a second authentication factor.

    Popular authenticator apps include Google Authenticator, Microsoft Authenticator, and 2FAS.
     
  2. WebAuthn
    WebAuthn is a hardware based security method, for example biometrics on a smartphone (facial recognition) or laptop (fingerprint).
     
  3. SMS
    SMS authentication requires a mobile phone number to be registered to the account. A temporary passcode is then sent via text message (SMS) to the number associated with the account during the login process and is required to be entered for authentication. 

How to Setup or Change MFA (as an individual user)

Users are not required to configure MFA on account creation. However, by default, all accounts require a 2FA method. If this is not changed by an administrator, users will be prompted to configure a valid 2FA method on their next login.

As an individual user, you can manually add an MFA method to your account through the portal by navigating to your profile: https://portal.pdq.com/profile.

In the MFA section, select an MFA method from the list of available methods. 


You will be prompted to authenticate with an existing method of MFA before continuing, and then you will be taken to the appropriate setup flow for the new method to complete setup. 


MFA Setup for Authenticator app:

MFA Setup for WebAuthN

MFA Setup for SMS

Once you have successfully added a MFA method, you will be redirected back to the portal. 
Upon next login, you will have the newly added method available to use as MFA verification.

Configure Login/MFA/OIDC Policy for your Organization

Was this article helpful?
Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.