Configuring MFA settings

As a tenant administrator, you use the MFA Settings tab at the bottom of the External Entities > Add New External Entity page to configure these settings:
Setting: Description

Enable MFA: Use these External Entities Multi-Factor Authentication (MFA) types:
  • Time-based One-time Password (TOTP) if the user has already registered a device for MFA.
  • Fast Identity Online 2 (FIDO2).
  • Short Message Service (SMS).

Enforce MFA: If selected, at the login page, after logging in with first-factor authentication (user name and password), the user is checked for MFA registration. If not registered, the user is required to register for MFA at this point. If already registered, the user is challenged for a TOTP.

After MFA is enforced, upon initial re-login, the user is prompted to register a device for MFA.

Account Lock Settings: This setting specifies the number of allowed failed login attempts before the user's account is soft locked.

For example, if you set this value to 3, after three failed attempts, the user’s account is locked.

Note: When the user's account is locked, an email is sent to notify the user that the account is locked.

You can specify the amount of time before the user's account is unlocked. This setting is located at External Entity Management > Settings > Cloudsuite Identities Password Policies.

Authentication Method: The method of authentication supported by MFA is Email.

MFA providers are limited by Landmark. You can use only TOTP and Email authentication methods for Landmark External Entity users.
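
The following Python model is an added example, not code from the product: it shows how the Enforce MFA check and the Account Lock threshold described above combine into one login decision, with TOTP computed per RFC 6238. The names `Account` and `login`, the result strings, the 900-second unlock period, and the choice to count a wrong TOTP as a failed attempt are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:                          # hypothetical model, not a product class
    def __init__(self, totp_secret=None):
        self.totp_secret = totp_secret  # None: no device registered for MFA
        self.failed = 0                 # consecutive failed login attempts
        self.locked_until = 0.0         # epoch seconds; 0 means not locked
        self.notices = []               # stands in for the lock e-mail

def _fail(acct, now, max_failed, unlock_after):
    acct.failed += 1
    if acct.failed >= max_failed:       # value 3: locked on the third failure
        acct.locked_until = now + unlock_after
        acct.notices.append("account locked")
        return "LOCKED"
    return "DENIED"

def login(acct, password_ok, code, now, max_failed=3, unlock_after=900):
    """Enforced-MFA login decision; `password_ok` is the first-factor result."""
    if now < acct.locked_until:
        return "LOCKED"                 # soft lock: valid credentials also wait
    if acct.locked_until:               # lock period elapsed: clear the state
        acct.failed, acct.locked_until = 0, 0.0
    if not password_ok:
        return _fail(acct, now, max_failed, unlock_after)
    if acct.totp_secret is None:
        return "REGISTER_MFA"           # enforced: register before any access
    if code is None:
        return "TOTP_CHALLENGE"
    expected = totp(acct.totp_secret, now)
    if not hmac.compare_digest(code.encode(), expected.encode()):
        # Assumption: a wrong TOTP counts toward the lock threshold.
        return _fail(acct, now, max_failed, unlock_after)
    acct.failed = 0
    return "OK"
```
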