Page Table of Contents

Virtual MFA Setup
SMS MFA Setup
Important notes when using MFA
MFA Enforcement

Multi-Factor Authentication (MFA)

PractiTest Multi-factor authentication (MFA) provides users with an extra security layer in addition to the regular login process: username and password. Thus from now on, users will be protected from brute force and social engineering attacks. Find more information about MFA approach here

Users can easily enable MFA within Personal Settings

There are two types of MFA that PractiTest supports: Virtual MFA and SMS MFA

MFA Types

Virtual MFA allows users to log in by using two steps: entering username and password, then entering a code sent via the Google Authenticator app or any other application for TOTP authentication.

SMS MFA allows users to log in by using your regular credentials and an SMS code to the phone number provided during setup.

Virtual MFA setup

  1. Install Google Authenticator app or any other application for TOTP authentication to your smartphone
  2. Go to PractiTest’s Personal Settings - Click ‘here’ to enable MFA
  3. enable virtual MFA
  4. Insert your password and press ‘Enable’
  5. password virtual MFA
  6. Then enter the app you installed, press ‘+’ and Scan a barcode you see in PractiTest
  7. Paste the code generated by the Google Authenticator into the PractiTest code area
  8. verify code virtual MFA
  9. You will be redirected to the Personal Settings main page and will get the ‘MFA enabled’ pop-up message. Thus Virtual MFA will be enabled and every time you log in, you will need to enter a code generated in the app in addition to username and password

SMS MFA setup

  1. Go to Personal Settings - Click ‘here’ to enable SMS MFA
  2. enable SMS MFA
  3. Put your password and phone number where you will receive SMS codes
  4. enable SMS MFA
  5. Input an SMS code that sent to your phone number and press ‘Verify’
  6. SMS MFA verify
  7. You will be redirected to the Personal Settings main page and will get the ‘MFA enabled’ pop-up message. Thus SMS MFA will be enabled and every time you log in, you will need to enter a code generated in the app in addition to username and password.

 

Important notes when using MFA:

  1. When MFA enabled users should disable it first if they would like to change the password within Personal Settings.
  2. The ‘Forgot my password’ option is not available when MFA is enabled. Users should ask the account owner or support to reset it for them.
  3. In case an account owner resets the password for a user, MFA will be automatically disabled and the user will need to re-enable it after login.
  4. In case a user belongs to multiple accounts, he needs to contact support to reset his password if he doesn't want to disable MFA first.

MFA Enforcement (available for the unlimited plan only)

MFA enforcement allows account owners to enforce Multi-Factor Authentication upon all users residing in the account, and therefore provides an extra layer of security to the account’s data. In order to enable MFA enforcement, the account owner should press the ‘Switch on’ button under ‘Enforce all users to use MFA’ on the General tab of the Account Settings.

Enable MFA Enforcement

After MFA enforcement has been enabled for the account, on the first time users log into the system, they will need to choose an authentication method in order to continue (either Virtual or SMS MFA). After they chose an authentication method, users will have to use this method every time they log into the system.

Notes:

* If users are already logged in when the MFA is enforced, the enforcement will be applied only from the next time they are required to log in.

* MFA enforcement can't be enabled for users for whom SSO is enabled.

Next >>