Multi-factor authentication (MFA) - also sometimes referred to as two-factor authentication (2FA) - uses two independent authentication factors, such as knowledge (password), possession (physical object) and inherence (biometric features), to verify a user's identity. This increases security as multiple factors are required to grant access, reducing the risk of unauthorized access.
Before you can log in to your Xentral instance, multi-factor authentication requires that two different and independent forms of identification are presented, for example a one-time password (OTP) that is only valid for a single session or transaction. An app on a smartphone, such as Google Authenticator, can be used to generate a password that is valid for a limited period of time.
You can use either of the widely used authentication apps Google Authenticator or Microsoft Authenticator.
Downloading an app:
- Open the App Store (on iOS devices) or the Google Play Store (on Android devices).
- Download and install Google Authenticator or Microsoft Authenticator.
Setting up multi-factor authentication during the next regular login:
- Go to the login page of your Xentral instance.
- Log in with your email and password or using your Google account.
- When you log in for the first time, a QR code will be displayed. Scan this code with your authenticator app.
  Optional: If a scan is not possible, you can request a code.
- The app automatically adds the account and starts generating one-time passwords.
- Enter the one-time password from the app in the Xentral login to complete the login process.
Important
Make sure you securely store all recovery codes that are provided during the setup process. These codes are important in case you lose access to your device.
Proceed as follows to set up multi-factor authentication for all users of your Xentral instance.
- Go to Settings > General settings > User management > Multi-Factor Authentication.
- Activate the option Multi-factor authentication enabled.
  All users of your Xentral instance are now required to use multi-factor authentication when logging in.
- Once the option is activated, admins may exempt individual users of their instance from the MFA requirement. This may be necessary, for example, for shared Xentral accounts used by warehouse staff for which a multi-factor authentication requirement would be an unnecessary burden.
Caution
Please note that removing the multi-factor authentication requirement for individual users may pose a risk to data protection and privacy. We recommend limiting the scope of authorization for these excluded users by restricting their user rights.
- Admins also have the option of resetting the multi-factor authentication settings for individual users. This is necessary, for example, if the user has lost the device with which they performed multi-factor authentication or if a new device has been purchased.