This guide is intended for customers who either do not have single sign-on (SSO) implemented, do not have Two Factor Authentication (2FA) enabled, or have 2FA enabled but not for all users.
Running a Data Validation report will give you all the information you need before enabling 2FA:
From the Data Validation report, you can learn:
- How to identify and correct missing Contact Email Addresses This is essential to identify any records that do not contain a unique contact email address as this is necessary for sending the one-time verification code
- How to identify and correct duplicate Contact Email Addresses
- Identify Leavers who still have an active Ciphr account
- View which Login Method is configured against all your records
- View which users have enabled and completed their Two Factor Authentication
Once the above steps are done, you are ready to enable 2FA for all users
Enabling the Data Validation - 2FA Export report
Let’s begin by enabling the Data Validation menu header under Specialist Reports and the Data Validation tile in the Role Management Actions menu for your chosen user role.
- Navigate to System > Security > User Role Management
- Select the user role that requires access to the Data Validation pages
- Select Pages from the Actions menu
- Search for ‘data validation’ to view all related pages
- Two pages will be returned in the search:
- Data Validation: This page enables access to the Data Validation menu header under Specialist Reports
- Role Management – Data Validation Access: This allows the tile to be visible in User Role Management, enabling the generation of reports for specific user roles
- Change both of these pages to Write Access
- Click Review Changes
- Click Update
- Click OK
You have now enabled the Data Validation menu header under Specialist Reports and the Data Validation tile in the Role Management Actions menu for your chosen user role.
- Click on your user role and select the Data Validation tile
- This page shows the data validation exports available to the user's specific role
- Change 2FA Export to Accessible to grant access to the 2FA Export
- Click Review Changes
- Click Update to confirm the change
- Click OK to apply the permissions for the user role to be able to run the data validation export
Running the Data Validation - 2FA Export report
- Navigate to Reporting > Specialist Reports > Data Validation
We suggest that you create a subset for the users that you wish to report on
- Click on the Subset button
- Create your Subset using the wizard. If you want to report on any users who have left your organisation and who might still have active Ciphr account, ensure you add Leavers to your Subset
- Once you have completed your Subset click on Export to download the report
Identifying missing contact email addresses from your Report
- Open the report from your downloads and click Enable Editing
- You will see the Contact Email Address in Column H and Missing Contact Email Address in Column O
- Click on the Filter button in the Missing Contact Email Address header
- Click on Yes to view any accounts that have a Missing Contact Email Address and OK
- All records with a missing Contact Email Address are shown
- Now that you have identified all the records with a missing Contact Email Address, go to Personal Details and update these records with a unique Contact Email Address that the user can use to receive their one-time verification code
Identifying duplicate contact email addresses from your Report
- Open the report from your downloads and click Enable Editing
- You will see the Duplicate Contact Email Address in Column P
- Click on the Filter button in the Duplicate Contact Email Address header
- Click on Yes to view any accounts that have a Duplicate Contact Email Address and OK
- All records with a Duplicate Contact Email Address are shown
- Now that you have identified all the records with a duplicate contact email address, go to Personal Details and update these records with a unique contact email address that the user can use to receive their one-time verification code
Identify Leavers who still have an active Ciphr account
- Open the report from your downloads and click Enable Editing
- You will see the Leavers - no account expiry in Column Q
You now need to change the formatting of any date related columns to display as a Short Date.
This can be done multiple ways in Excel, but for this example:
- Highlight Columns C, D, K & L (click on the header on Column C and then hold Ctrl and select header D, K & L to select multiple columns)
- Select Short Date from the General dropdown
- Click on the Filter button in the Leavers (no Account Expiry) header
- To view any Leavers with a Date Left from yesterday and a blank Account Expiry, select Yes
- Click OK
- All records displayed could still have access to the system if they have a Login Method of No Restrictions, Ciphr Login only or Trusted Login or SSO only
- We would then suggest that you deactivate any of these accounts
Viewing which Login Method is configured
against all your records
- Open the report and click Enable Editing
- Filter Column J to view the Login Methods for your records
You are now able to view everyone’s login methods.
If you want to change a Login Method, for example, you have identified records who have No Restrictions and they should be on Ciphr Login Only, you can update this via Bulk Change or individually.
Enabling Two Factor Authentication for all users
Two Factor Authentication is user-role specific, so any roles that you want this to be applied to, needs to be configured. Now that all the steps above have been actioned, you are now ready to enable 2FA for your users.
- This can be achieved by selecting System > Security > Role Management
- Click on the role name and then click on Details from the list of Actions presented
- Select the slider to enable Two Factor Authentication for that user role
- Click Review Changes
- Review the changes and click Update
- You will then return to the Role Management summary page, where you can see that Two Factor Authentication is enabled for that user
- Repeat the process for any other users
Viewing which users have enabled and completed
their Two Factor Authentication
Now that you have enabled Two Factor Authentication for your users, you can use this report to see who has or hasn’t yet set up their 2FA:
- Open the report and click Enable Editing
Use the filters as required to obtain the data you need, for example:
- Filter the data in Columns M to view which users have been set up to use Two Factor Authentication
- Filter Columns N to view which users whose 2FA set up has been completed
Comments
0 comments
Please sign in to leave a comment.