Multi-factor Authentication

Safeguard against potential unauthorized access to your tools

Multi-factor authentication (MFA) is a best-practice authentication method that improves security for user accounts and access requests. It adds an extra layer of verification beyond traditional username and password credentials.

Apono's implementation of MFA allows administrators to enforce additional authentication for specific access flows, particularly for sensitive environments or data.

When MFA is enabled for an access flow, you gain the following key benefits:

  • Enhanced security that blocks nearly 100% of automated account attacks

  • Access to Apono logs that record when MFA was performed

  • Support for all major authenticator apps


Enable MFA for an access flow

We strongly recommend enabling MFA for access requests to sensitive resources.

Once you have enabled MFA for at least one access flow, requesters will see a banner in the Apono UI prompting them to set up MFA for their accounts.

New Access Flow

Follow these steps to enable MFA for a new access flow:

  1. Begin creating a self serve access flow.

  2. After entering the Access Flow Name, click the Require MFA toggle to enable MFA for the access flow. The toggle will appear green when it is enabled.

  3. Complete the remaining access flow creation steps.

Existing Access Flow

Follow these steps to enable MFA for an access flow:

  1. In the row of the access flow, click ⋮ > Edit. The Edit Access Flow page appears.

  2. Click the Require MFA toggle to enable MFA for the access flow. The toggle will appear green when it is enabled.

  3. Click Save Access Flow. The completion page appears.

  4. Click Done.


Enable MFA for a requester account

If an administrator has enabled MFA for a resource you are requesting, you will need to enable MFA for your account.

Follow these steps to complete the integration:

  1. In the Apono UI, in the banner at the top of the page, click Set Up MFA. The Privacy & Security window appears.

You can also click your user avatar > Security & Privacy.

  1. Under Multi-Factor Authentication, in the Add Authentication App box, click Set up. The Multi-Factor Authentication popup window appears.

  2. Follow the on-screen prompts to complete the authentication setup. The MFA callout banner will disappear.

For any MFA-protected request, you will need to enter the six-digit code from your authenticator app. Your successful MFA will persist for an hour and apply to any requests made within this time.

\

Last updated