Who is this article for?

Administrators who want to learn to manage Access security and MFA.

Administrator permissions are required.

The Security page lists all the security settings for the Lucidity Application.

1. Security

• Enable two-factor authentication via email.
• Set the period of time users are remembered before they have to complete two-factor authentication again.

2. Multi factor authentication

• Two factor authentication (2FA) via email is available for Lucidity user accounts is available in Version 17.61 and newer. This is a major improvement to the security of Lucidity accounts.
  To learn more about the benefits of 2FA see this article on TechTarget's website.
• Once 2FA is enabled when a user logs in they will be asked to retrieve a verification code that's been emailed to them. They are then required to enter the code and providing it's valid and correct they will be signed in.
• Users have the option to check the Remember me check box so that they only have to enter the verification code every 14, 30, or 60 days. The number of days can be configured in the Access Module. 
• 2FA can be enabled and the remember me number of days can be configured via the new Security page in the Access Module.

3. Enabling 2FA via email

1. Prepare user accounts
   • Ensure all user accounts have an associated email address.
   • Add emails manually via Edit People or in bulk using the Public API.
   • See Update the fields on an existing user in SwaggerHub for bulk updates.
   • Without email addresses, users will not be able to log in and use Lucidity.
2. Identify accounts without emails
   • Go to the Users page in the Access module.
   • Export the user list to CSV or Excel.
   • Filter out accounts without email addresses.
3. Notify users
   • Inform users about the upcoming 2FA implementation.
   • Explain that they'll need to enter an emailed verification code when logging in.
   • Communicate the benefits of 2FA to reduce potential frustration.
4. Check permissions
   • Ensure the person enabling 2FA has a role with the Security Manage privilege.

5. Navigate to 2FA settings
   • Go to the Access Module.
   • Select Security in the left navigation.
6. Enable 2FA
   • Check the Enable Two Factor Authentication via Email checkbox.
   • Set the Remember me option (recommended: 30 days).
   • Click Save to activate 2FA.

7. Understand the "Remember me" feature
   • This setting applies per device.
   • Options are 14, 30, or 60 days.
   • Users need to select it on each device they use.
   • It reduces how often a user has to enter a verification code.

8. Monitor the 2FA process
   • Users will be asked to check their email for a verification code when logging in.
   • An example of the verification email is provided in the user guide.
9. Manage 2FA post-implementation
   • Monitor user feedback and address any issues.
   • To disable 2FA if needed:
     • Return to the Security settings.
     • Uncheck the Enable Two Factor Authentication checkbox.
     • Click Save.
10. Remember key points
    • Valid email addresses are essential for all users to receive verification codes.
    • The Remember me setting is device-specific.
    • Regularly review 2FA implementation and user feedback.

4. Further reading

• Managing Access settings
• Managing Access profiles
• Managing Access notifications