Multi-Factor Authentication
ROQ provides an additional layer of protection, which is Multi-Factor Authentication or called MFA. With this security enhancement, you can use your phone number as additional authentication.
MFA SMS Setup
A few steps must be done on the ROQ Console before using the Multi-factor Authentication with SMS.
Enable SMS Integrations
To utilize MFA through SMS on ROQ, you must enable SMS integration in the ROQ Console. The SMS integration can be done by going to the Integrations → SMS menu and activating the integrations.
Please note that at least one active SMS integration is required.
Enable MFA on Authentication Configuration
The next step is to enable MFA on the registration or login form in the ROQ Console.
Go to the Authentication → Configuration. You can enable MFA for each registration form variant by selecting the Two-factor Authentication flag.
This configuration will impact new users who register. To implement MFA for existing users, please follow the next steps.
Enable MFA for Existing Users
To activate Multi-factor Authentication for existing users, you must turn on the ROQ Console's user MFA option. Navigate to the Users & Access → Users section and choose the specific users you wish to enable MFA.
Two settings require attention:
- Two-factor Authentication: Enable this option to apply MFA to the selected user.
- Phone: Enter your phone number, which will be used to send the OTP for login verification.
Users will have the Multi-factor Authentication feature once the above steps have been completed.
MFA for Existing Users
Next, when the existing users with MFA enabled try to login, the user will be asked to enter a verification code. The user workflow can be described in the steps below:
Enter OTP
ROQ will send a One-Time Password or OTP for login verification to the user phone number registered on the ROQ Console (Step 3 on MFA SMS Setup above).
You can also change the number if you have entered the wrong phone number by clicking the Change phone number.
Recovery codes
Users with successful verification will get the recovery codes, which can be saved through manual copy-paste or downloading the recovery codes file.
The recovery codes will only be displayed once. Please ensure you keep them safe and confidential.
MFA for New Users
For a new user, MFA will be applied after successful registration. The user workflow can be shown in the steps below:
Enter Phone Number
After registering successfully, new users will be prompted to provide their phone number to receive an OTP SMS as additional authentication.
At present, it is necessary to include both the phone number and its corresponding international code.
Enter OTP
The following steps are the same for existing users. You will need to enter the OTP into the MFA form for verification.
Recovery Codes
You will receive a list of recovery codes and you should backup by copying and pasting or downloading the recovery codes file.
Again, please ensure you keep them safe and confidential.
Disable MFA
If the Two-Factor Authentication flag is turned off in the ROG Console authentication settings. In that case, users will not need to verify their login even if they have MFA enabled.