Multi-Factor Authentication (MFA)

Passportal supports multiple forms of MFA for users accessing the system.

Passportal supports the following methods:

  • Authenticator (iOS and Android) – This can be any authenticator that creates TOTP’s, such as Google Authenticator, Microsoft Authenticator, Authy, etc.
  • Timed One-Time Passcode (TOTP) generators such as Duo Mobile, Google Authenticator, or Microsoft Authenticator

MFA is enforced globally for Passportal - Each Site has its own ability to enable MFA, and configure their own individual preferences.

To configure MFA within Passportal:

  1. Navigate to Settings > General
  2. Select the Multi-Factor Authentication tab
  3. The Enable MFA toggle is set on and cannot be altered.

  4. Select the MFA Communication Method from the drop-down menu
  5. Enable the Allow Backup Utility (CLI) to bypass MFA option to allow commandline password export bypassing MFA using the Passportal Backup Utility
  6. Click Save when all settings are set as required

Click each heading below to expand each for further information on MFA Communication Method:

Resetting a Pro User's MFA

Where TOTP is configured for MFA, it is possible to reset a Pro User MFA via the Edit User dialog in Passportal - once reset, the user will be prompted to setup MFA the next time they attempt to log into Passportal.

  1. Click on the 3 dots menu in the Actions column of the user
  2. Click Edit User
  3. The Edit User dialog opens to the right
  4. Click the Reset Google QR Code button
  5. Click Save

Where Duo is being used for MFA: The Duo Admin will need to reset MFA for the user via the Duo Administrator Panel. Please refer to Duo's documentation for directions.