Multi-Factor Authentication (MFA) is a security best practice that adds an extra layer of protection on top of a username and password combination. By requiring an additional authentication code from a trusted device, MFA safeguards access to a user’s account even if the password is compromised. There are various authentication methods to implement MFA. The Time-based One-Time Password (TOTP) algorithm is a popular and secure method that automatically generates an authentication code which changes after a certain period of time. TOTP has been adopted as Internet Engineering Task Force standard RFC 6238.
...
- As a user, download and install a TOTP compatible mobile app. For example, on Android and iOS, you can use Google Authenticator or Microsoft Authenticator. 
- In your Joget Workflow profile page, click on the Activate button in the Time-based One-time Password (TOTP) Authenticator property at the bottom of the form.
- A popup dialog will appear showing the secret key and a barcode. 
- Using the TOTP mobile app, scan the barcode or key in the secret key. The TOTP mobile app will create a new account.
  - Warning: Save the secret key in a safe place, in case you need to reactivate your account, e.g. in case of a lost device.
- Key in the current generated code displayed in the TOTP mobile app into the Password field and click on Submit. If the code is valid, MFA will be activated.
- On subsequent logins, you will be prompted for a TOTP code password. 
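
How the secret key shown at activation relates to the code typed at login under RFC 6238, as an added example (not Joget's own code). It assumes the common authenticator-app defaults of HMAC-SHA1, 6 digits and a 30-second step, which this page does not confirm for Joget; `SAMPLE_SECRET`, `totp`, `verify`, the drift window and the replay check are hypothetical choices made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in base32,
# the form an authenticator app accepts when the key is typed in by hand.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at, digits=6, step=30):
    """Return the TOTP code for Unix time `at` (HMAC-SHA1, as in RFC 6238)."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that apps usually omit
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(at) // step)  # number of elapsed time steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at, last_used_step=-1, drift=1, digits=6, step=30):
    """Check a submitted code, allowing +/- `drift` steps of clock skew.

    Returns the matched time step, or None. A step at or below `last_used_step`
    is rejected so that a code observed once cannot be replayed.
    """
    current = int(at) // step
    guess = submitted.encode("utf-8")
    matched = None
    for candidate in range(current - drift, current + drift + 1):
        expected = totp(secret_b32, candidate * step, digits, step).encode("utf-8")
        # Constant-time comparison; the loop never exits early on a match.
        if hmac.compare_digest(expected, guess) and candidate > last_used_step:
            matched = candidate
    return matched


if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "accepted at step:", verify(SAMPLE_SECRET, code, now))
```

A server would store the returned step per user and pass it back as `last_used_step` on the next login, so the same code is accepted only once.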
...
- As a user, you can disable MFA by clicking on the Deactivate button in your user profile. 
- Administrators can also disable MFA for a specific user by selecting the user under Setup Users and clicking on the Deactivate MFA button.