Multi-Factor Authentication (MFA)
Page Table of Contents
PractiTest Multi-factor authentication (MFA) provides users with an extra security layer in addition to the regular login process. With MFA activated, users will be protected from brute force and social engineering attacks. Find more information about the MFA approach here.
Users can easily enable MFA from the Personal Settings.
There are two types of MFA that PractiTest supports: Virtual MFA and SMS MFA
Virtual MFA allows users to log in by using two steps: entering a username and password, then entering a code sent via the Google Authenticator app or any other application for TOTP authentication.
SMS MFA allows users to log in by using their credentials and an SMS code to the phone number provided during setup.
Virtual MFA setup
- Install the Google Authenticator app or any other application for TOTP authentication on your smartphone.
- Go to PractiTest’s Personal Settings - Click ‘here’ to enable MFA.
- Insert your password and press ‘Enable’.
- Then enter the app you installed, press ‘+’ and Scan a barcode you see in PractiTest.
- Paste the code generated by the Google Authenticator into the PractiTest code area.
- You will be redirected to the Personal Settings main page and will get the ‘MFA enabled’ pop-up message. Thus Virtual MFA will be enabled and every time you log in, you will need to enter a code generated in the app in addition to username and password.
SMS MFA setup
- Go to Personal Settings - Click ‘here’ to enable SMS MFA.
- Put your password and phone number where you will receive SMS codes.
- Input an SMS code that sent to your phone number and press ‘Verify’.
- You will be redirected to the Personal Settings main page and will get the ‘MFA enabled’ pop-up message. Thus SMS MFA will be enabled and every time you log in, you will need to enter a code generated in the app in addition to username and password.
Important notes when using MFA:
- When MFA is enabled users should disable it first if they would like to change the password within Personal Settings.
- The ‘Forgot my password’ option is not available when MFA is enabled. Users should ask the account owner or support to reset it for them.
- In case an account owner resets the password for a user, MFA will be automatically disabled and the user will need to re-enable it after login.
- In case a user belongs to multiple accounts, he needs to contact support to reset his password if he doesn't want to disable MFA first.
MFA Enforcement (available for the Corporate plan only)
MFA enforcement allows account owners to enforce Multi-Factor Authentication upon all users residing in the account and therefore provides an extra layer of security to the account’s data. In order to enable MFA enforcement, the account owner should press the ‘Switch on’ button under ‘Enforce all users to use MFA’ on the General tab of the Account Settings.
After MFA enforcement has been enabled for the account, the first time users log into the system, they will need to choose an authentication method in order to continue (either Virtual or SMS MFA). After they chose an authentication method, users will have to use this method every time they log into the system.
* If users are already logged in when the MFA is enforced, the enforcement will be applied only from the next time they are required to log in.
* MFA enforcement can't be enabled for users for whom SSO is enabled.