Multi-factor authentication and M-Files
Posted by Zachary Wick (M-Files) on 04 February 2019 09:14 PM
This document will describe how multi-factor authentication can be used with the M-Files system. Multi-factor authentication is using two or more factors to authenticate a user. This can be in the form of two separate passwords, an emailed or IM'ed code along with a password, or even a time sensitive link sent to the user. This increases security and greatly reduces the chances of having unauthorized access to systems.
This table explains the essential, subject-specific terminology and acronyms used in this document.
Please make sure your environment meets these requirements before moving forward.
Your IdP must support multi-factor authentication.
Setting up multi-factor authentication can vary from IdP to IdP. Specific instructions for how to set up multi-factor authentication should be provided by your IdP. Sample instructions and information for how to set up Azure multi-factor authentication can be found in the following link https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
After multi-factor authentication has been set up through your IdP, M-Files will then work with this seamlessly. This is because whenever you try to log into M-Files, a query goes out to the IdP to authenticate the user, it then confirm that multi-factor authentication is in place and makes the multi-factor authentication request. After the user provides a good authentication code, the request is then handed back to M-Files saying the user is authenticated. M-Files does not control the multi-factor authentication process at all. M-Files just waits for the IdP to tell whether the user is authenticated or not.
M-Files can utilize multi-factor authentication in its system with any IdP that provides multi-factor authentication cleanly and seamlessly.
4. Reference Documents
You may want to see these articles for additional information: