What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication, sometimes called MFA or 2 Factor Authentication, is an additional security measure that can be applied to software systems to confirm a user’s identity. It helps to protect a user’s information from hacking, phishing attempts and stolen or lost passwords.
In Webexpenses the first factor of authentication is a user’s Username and Password. The second factor is obtained via an authentication app.
How to turn on MFA as an individual user
You can choose to set up MFA for your own individual profile in Webexpenses for any role within an organisation.
- Log into your Webexpenses account
- Navigate to My Settings in the top, right corner of the screen
- Choose Security from the drop-down menu
- Select Configure MFA
This will start the configuration process.
Configuring MFA as a user
Whether you have turned on MFA for your own profile or it has been turned on at a Company or Division level the first step is to configure your tool for providing the second authentication factor. If you have turned it on yourself, you will be navigated here directly, if it has been turned on by the company it will take you here on the next login.
You will see some instructions on the configuration screen to follow.
- Ensure that you have an authenticator app (such as Google or Microsoft Authenticator) on your mobile device (this can be downloaded from the relevant app store)
- Open the authenticator app
- Choose a method of authentication in the app, QR Code or Manual QR code
- Use app to scan QR code on screen
- A code will then be provided by the authenticator app
Manual
- Choose the Manual option
- Follow steps given to add an account name (Your own label)
- Enter the authentication key from the configuration screen
- A code will then be provided by the authenticator app
- Enter the code provided by the app in the box on the configuration screen
- Select Verify
Backup codes
After you have successfully verified the MFA configuration you will be taken to a screen with backup codes. These are the codes that you can use to login to the system should the device you authenticated with originally get lost.
If you lose your backup codes, you can generate new codes whilst logged in to Webexpenses.
- Navigate to My Settings in the top, right corner of the screen
- Choose Security from the drop-down menu
- Select Regenerate Backup Codes.
Entering MFA details
Once MFA is configured and verified for your user profile you will be asked to enter your MFA details on the next login.
Whilst on the MFA entry page open your authenticator app and enter the 6-digit code provided by the app against Webexpenses. Entering the correct code here will take you through to the system. On this page you can select not to be asked to do this process again for 90 days.
If you cannot authenticate via the app you can select to Try another way. This will take you to a screen where you can enter a backup code.
If you are still having challenges, please contact your internal Webexpenses administrator for assistance.
FAQ
Q. What authentication apps can I use?
A. The process should work with most authenticator apps including Google Authenticator, Microsoft Authenticator, Duo Mobile, LastPass Authenticator and Twilio Authy.
Q. What if I have lost my device?
A. If you have lost your device, you can use one of the backup codes provided when you configured your MFA. Simply select Try another way when asked for your MFA details and enter the backup code in the screen provided.
You should then configure MFA for your new device by going to My Settings and selecting Configure MFA.
Q. What if I lose my backup codes?
A. If you know you have lost your backup codes then log into Webexpenses as normal and go to My Settings and select Regenerate Backup Codes to create some new ones.
Q. What if I lose my device and backup codes?
A. If you lose both your device and backup codes then your MFA will need to be reset by your administrator. Contact your internal administrator of Webexpenses and ask them to reset MFA for your user profile.
On next login you will either be asked to configure the details again with your new device or need to go to My Settings and configure your MFA again.
Q. I’m concerned someone has seen my back up codes, what should I do?
A. In this situation log into Webexpenses as normal and go to My Settings and select Regenerate Backup Codes to create some new ones. This will instantly make any old codes invalid.
Q. How should I store my backup codes?
A. The best way to store backup codes securely is in a secure password manager or vault. Tools such as Keeper or LastPass offer secure storage for important information like this.