Multi-factor authentication

Your organization can choose whether to require multi-factor authentication (MFA) when users sign in to your ReliaSoft Cloud site. Keycloak® (the third-party tool that manages authentication and permissions for ReliaSoft Cloud) supports one-time password (OTP) mobile authentication using FreeOTP, Google Authenticator or Microsoft Authenticator.

This topic includes information for site admins. Information about what the users need to do are in the Your user account topic.

Assign a user to configure OTP

As a site admin, you can assign the OTP requirement for any user account at any time.

1. While signed in to ReliaSoft Cloud with an account that has the "tenant-admin" role, click Site settings > Users to open Keycloak's interface to manage users.
2. On the Details tab when creating a new user or viewing an existing user:
   1. Click the Required user actions drop-down and select "Configure OTP."
   2. Click Save.
3. Notify each affected user that they will see the "Mobile Authenticator Setup" screen upon their next attempt to sign in to ReliaSoft Cloud. User instructions are in the Your user account topic.

Remove or reset OTP requirement for a user

You can also remove the requirement at any time.

1. Open the user’s account in Keycloak.
2. If the user has NOT completed the mobile authentication setup:
   • Go to the Details tab, remove "Configure OTP" from Required user actions and click Save.
3. If the user HAS completed the mobile authentication setup:
   • Go to the Credentials tab and delete the row of Type = Otp. This will remove the requirement for this user unless/until you add it again.

Tip: If you remove the requirement and then add it again later, the user must complete the setup again with a new account in their authenticator app. Codes generated by the old account will be "invalid" for sign-in.