Configure Settings

The Configure Settings page is displayed when the Settings link is selected from the Navigation Menu. This page allows you to configure Multi-Factor Authentication administrator settings.

 

To set your settings:

  1. Specify or modify any of the settings.

  2. Click the Save button.

 

Feature

Description

Use Multi-Factor Authentication for the Management Portal login

Check (or uncheck) the Use Multi-Factor Authentication for the Management Portal login checkbox.

 

Note: When checked, this option will place a Multi-Factor Authentication call to each administrator each time he or she attempts to log in to the website. The default is checked.

 

Mode

Select either Standard Mode, PIN Mode, or Voiceprint Mode from the drop-down list.

 

Note: If PIN mode is selected, then the administrator will be prompted to enter his or her PIN during the Multi-Factor Authentication call.  If Voiceprint mode is selected, then the administrator will be prompted to say a specific phrase to confirm their voiceprint.

 

Phone Call Language

Select the language that Multi-Factor Authentication call messages should be spoken in.

 

Allow X attempts during Multi-Factor Authentication call

Check (or uncheck) the Allow X attempts during Multi-Factor Authentication call checkbox.  If checked, specify a number of attempts users are given to correctly enter their PIN or press # to complete the authentication.  This saves users from having to hang up, re-enter their username and password, and answer another Multi-Factor Authentication call if they make an incorrect entry.  The default is unchecked.

 

Provide menu of options during Multi-Factor Authentication call

Check (or uncheck) the Provide menu of options during Multi-Factor Authentication call checkbox.  If checked, users will have access to the phone menu where they may be able to change their phone, change their PIN, or report fraud.  If unchecked, the phone menu will not be available.  The default is checked.

 

Say extension digits when prompting for extension (Server/SDK only)

Check (or uncheck) the Say extension digits when prompting for extension checkbox.  If checked, the person who answers the call will be prompted to dial the extension.  This is useful when a receptionist answers the call and needs to manually transfer it to the proper extension.  The default is unchecked.

 

Note:  When checked, the saying of extension digits will be on for all calls that involve an extension.  DTMF digits will still be played.  Alternatively, extensions can be configured in the Multi-Factor Authentication Server to include an @ prefix so that the saying of extension digits is only on for specific extensions and that DTMF digits are suppressed for those extensions.

 

Caller ID Phone Number

Specify a phone number to be displayed as Caller ID during Multi-Factor Authentication calls.  The advantage of this setting is that users will see a familiar phone number on their phone when they receive a Multi-Factor Authentication call.

 

Default One-Time Bypass Seconds

Specify the number of seconds a one-time bypass may be used before it expires.  This will be used by default for one-time bypasses unless overridden at the time the bypass is requested.  The default is 300 seconds (5 minutes).

 

Two-Way Text Message Timeout Seconds (Server/SDK Only)

Specify the number of seconds a user has to respond to a two-way text message.  The default is 60 seconds.

 

Block Global Services for all users

Check (or uncheck) the Block Global Services for all users checkbox. If checked, calls which would result in a global services charge will not be placed and Multi-Factor Authentication will be denied for these phone numbers. The default is unchecked.

 

Only allow voiceprint enrollment from User Portal

Check (or uncheck) the Only allow voiceprint enrollment from User Portal checkbox.  If checked, users with no voiceprint or with their voiceprint reset will only be able to enroll a new voiceprint from User Portal.  If the user attempts to sign on to an application, the authentication call greeting will inform them that they must enroll in User Portal first.  The default is unchecked.

 

Number of Voiceprint Samples to Collect

Select the number of samples to collect when a user enrolls their voiceprint.  The authentication call will prompt the user to say a specific phrase for each sample.  The default is 3.

 

Allow users to submit Fraud Alerts

Check (or uncheck) the Allow users to submit Fraud Alerts checkbox. If checked, users will be able to report fraudulent access to their account from the phone menu. The default is unchecked.

 

Block user when fraud is reported

Check (or uncheck) the Block user when fraud is reported checkbox. If checked, the user's phone number will be blocked so that subsequent Multi-Factor Authentications will be denied immediately. The default is checked.

 

Code To Report Fraud During Initial Greeting

Specify the digits that users may enter to report fraud during the initial greeting.  The initial greeting recording should be modified to instruct users to authenticate (PIN or #) or report fraud by entering this code followed by the # sign.  This makes the ability to report fraud more apparent to users than the fraud option in the phone menu.

 

Note: If using PIN mode, the minimum PIN length should be set greater than the length of the fraud code.  This will prevent users from setting a PIN equal to the fraud code.

 

Lock user account after X consecutive Multi-Factor Authentication denials

Check (or uncheck) the Lock user account after X consecutive Multi-Factor Authentication denials checkbox.  If checked, specify the threshold of denied authentication attempts that will cause the user's account to be locked.  The default is unchecked.

 

When the threshold is reached, the user's phone number will be blocked, preventing the user from authenticating.  The phone number will remain blocked until it is either manually unblocked or automatically unblocked after a specified number of minutes when Unlock account after X minutes is configured.

 

Note:  Account Lockout settings only apply to users in PIN mode, Voiceprint mode, or Text Message Two-Way OTP + PIN mode.  User input must be received to count as a denial.

 

Reset account lockout counter after X minutes

Check (or uncheck) the Reset account lockout counter after X minutes checkbox.  If checked, specify the number of minutes after a denied authentication attempt the account lockout counter will be reset to 0.  The default is unchecked.

 

Unlock account after X minutes

Check (or uncheck) the Unlock account after X minutes checkbox.  If checked, specify the number of minutes after a user's phone number is blocked due to the account lockout threshold that the phone number will be automatically unblocked.  The default is unchecked.

 

Enable replication between servers

Check (or uncheck) the Enable replication between servers checkbox.  If checked, the designated master server will attempt to replicate the data file to all slave servers in the same group.  If replication is not being used, this should be unchecked to prevent servers from making unnecessary attempts to contact each other.  The default is unchecked.

 

Note: When more than one group exists and the group tree is displayed, Replication settings will not be available at the company level and must be configured at the group level.

 

 


Multi-Factor Authentication™ Management Portal

Last modified:  21-Oct-2013