Configuring MFA on a tenant

Explore MFA configuration options that Authorization Control Plane (ACP) offers for your tenant. Learn how to handle the MFA settings on the tenant level so that all the workspaces available for a particular tenant share the same MFA configuration. Set up e-mail and phone delivery using either Cloudentity-native solutions or your own Twilio/SMTP providers.

Tenant-level MFA in a nutshell

Tenant-level MFA configuration allows you to manage global MFA settings shared by all the workspaces under a given tenant. On the tenant level, you can enable specific MFA authentication factors (phone and/or email) and customize the SMS and e-mail providers. You can also immediately test your configuration by sending a test e-mail or SMS message.

To ensure ease of use, Cloudentity acts as the default service provider sending both SMS and e-mail messages. You only need to get involved in the configuration if you want to customize the message or change the service provider to Twilio (in case of SMS verification) or use a custom Simple Mail Transfer Protocol (SMTP) server (in case of e-mail verification).

On the workspace level, you can handle all local, workspace-specific settings.

Read more

For more information on how to configure MFA for your workspace, see Transactional MFA with ACP.

For more details on what MFA is and why it’s a good idea to have it, read about MFA in a nutshell.

Prerequisites

  • Access to an ACP tenant

Configure MFA for your tenant

Setting up MFA on the tenant level requires:

  1. Enabling MFA on the tenant

  2. Setting up the providers of the MFA method(s) in use

Enable MFA on the tenant

  1. Go to Workspaces -> MFA Settings.

  2. Enable the MFA methods on a tenant (Phone Verification and/or Email Verification).

  3. If your e-mail or SMS providers are not yet configured, set them up as described below.

Set up the SMS MFA verification

  1. Go to MFA Settings -> Phone verification and pick the SMS provider that’s going to send you verification codes.

    • CLOUDENTITY - Cloudentity’s default SMS provider
    • TWILIO - Twilio SMS communications platform
  2. Set up details for the selected delivery provider:

    • Cloudentity
      Parameter - Description
      Verification message - Custom message including the OTP shared with the user. Refer to the OTP through a variable, as in [[OTP]].
      OTP length - Length of the OTP being issued.
      OTP expiration - How long the OTP remains valid.
    • Twilio
      Parameter - Description
      Twilio SID - Your Twilio account ID.
      Twilio Auth Token - Your Twilio Auth Token. For details, see Twilio support documentation.
      Verification message - Custom message including the OTP shared with the user. Refer to the OTP through a variable, as in [[OTP]].
      Source - Custom OTP sender’s number.
      OTP length - Length of the OTP being issued.
      OTP expiration - How long the OTP remains valid.
  3. Save your changes.

    Test phone verification

    In the Send test message section, you can check if your setup works fine and your text message displays as expected. Enter the Recipient number and hit Send.

Set up the email verification

Set up the SMTP server: either use the Cloudentity out-of-the-box solution or connect your own SMTP server.

  1. Go to Workspaces -> MFA Settings -> Phone verification and pick the SMTP server to be used for sending emails. Choose between:

    • CLOUDENTITY - Cloudentity’s SMTP server
    • CUSTOM SMTP - your own SMTP server
  2. Set up details for the selected delivery provider:

    • Cloudentity SMTP server
      Parameter - Description
      Sender friendly name - Custom sender address.
      Email subject - Custom e-mail title.
      Verification message - Custom verification message. You can enter your custom e-mail template here. Refer to the OTP using a variable, as in [[OTP]].
    • Custom SMTP server
      Parameter - Description
      SMTP Auth mechanism - Select the auth mechanism used by your server.
      SMTP host - Provide the host name of your server.
      SMTP port - Provide the port of your server.
      Username - Username used to authenticate to the SMTP server.
      Password - Password used to authenticate to the SMTP server.
      Sender friendly name - Custom sender address.
      Email subject - Custom e-mail title.
      Verification message - Custom verification message. You can enter your custom e-mail template here. Refer to the OTP using a variable, as in [[OTP]].
  3. Save your changes.

    Test e-mail verification

    In the Send test message section, you can check if your setup works fine and your email message displays as expected. Enter the address of the Email recipient and hit Send.

  4. Having configured the tenant-level MFA, proceed to configuring MFA on a workspace level.
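
A way to check a custom Verification message (SMS or e-mail) before pasting it into MFA Settings, as an added Python example that is not part of the Cloudentity documentation or ACP code. It assumes the [[OTP]] variable is substituted only when spelled exactly as shown above; the function names are hypothetical, and the 160/70 character limits are standard single-segment SMS limits, not ACP settings.

```python
import re

PLACEHOLDER = "[[OTP]]"  # variable name as given on the page
# GSM 03.38 default alphabet; anything outside it forces UCS-2 encoding.
GSM7_BASIC = set(
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
GSM7_EXTENDED = set("^{}\\[~]|€")  # escape-prefixed, two septets each


def sms_septets(text):
    """Septet count if text fits GSM-7, or None when UCS-2 is required."""
    total = 0
    for ch in text:
        if ch in GSM7_BASIC:
            total += 1
        elif ch in GSM7_EXTENDED:
            total += 2
        else:
            return None
    return total


def lint_template(template, otp_length, channel="sms"):
    """Return a list of problems found in a verification message template."""
    problems = []
    count = template.count(PLACEHOLDER)
    if count == 0:
        problems.append("no [[OTP]] placeholder: the code would never reach the user")
    elif count > 1:
        problems.append("[[OTP]] appears more than once")
    # Assumption: only the exact spelling is substituted, so near misses
    # such as [OTP], {{OTP}} or [[otp]] would be delivered as literal text.
    leftover = template.replace(PLACEHOLDER, "")
    if re.search(r"[\[{]+\s*otp\s*[\]}]+", leftover, re.IGNORECASE):
        problems.append("malformed placeholder would be sent literally")
    if channel == "sms":
        # Render with a dummy code of the configured OTP length.
        rendered = template.replace(PLACEHOLDER, "0" * otp_length)
        septets = sms_septets(rendered)
        utf16_units = len(rendered.encode("utf-16-be")) // 2
        if septets is None and utf16_units > 70:
            problems.append("needs UCS-2 and exceeds 70 characters: multi-part SMS")
        elif septets is not None and septets > 160:
            problems.append("exceeds 160 GSM-7 septets: multi-part SMS")
    return problems
```

An empty list means the template passed; the Send test message step remains the authoritative check of what the user actually receives.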