Overview

Multi-factor authentication (MFA) is a security measure that requires more than one authentication method to verify a user’s credentials. MFA is a two-factor authentication method, that provides additional security for authorization to access a system. MFA is known as the gold standard in security access and helps protect sensitive accounts, and data as the authentication requires password, PIN, or One-Time Password (OTP).


On the StreamOne® Ion platform, you can access the platform using the Multi Factor Authentication (MFA) methods. MFA enhances security as users are required to identify themselves using more than one username and a password. Using MFA, you and your Customers’ digital assets are protected with an extra layer of security. 


To enable MFA on your ION Account, you are required to create a support ticket. 


 

User journey includes the following topics

For more detailed view of the process, please see the educational video Multifactor Authentication.

Points to remember: 

  • Client IP Address: If a user signs in from a different IP address, they are prompted for MFA. 
  • User Agent (Browser): If a user signs in from a different browser, they are prompted for MFA. 
  • Duration from last MFA: Irrespective of the Client IP address or Browser, the user is prompted for MFA, if the time lapse is more than 24+ hours since the last successful MFA. 
  • Invalid Code: User is limited to 5 attempts to input the correct verification code. After the 5th attempt, the user is restricted platform access for 10 minutes to prevent unauthorized access.

Accessing the platform using MFA through WhatsApp


To access the platform using WhatsApp


1.   Sign in to the StreamOne® Ion platform.


The Sign in page is displayed.



2.   On the Sign in page, enter the Username, Password, and then click LOGIN



3.   On the Setup MFA page, for the WhatsApp MFA setup perform the following actions. 


a. (1) select the Receive verification code via option WhatsApp from the dropdown list. 


b. (2) select the country code.


Note: This page is displayed for the first Sign in attempt to setup MFA, and after reconfiguring MFA.

c. Enter the mobile number to receive the WhatsApp verification code.


d. After the details for WhatsApp option are configured, click VERIFY


Note: A verification code is received via WhatsApp, that is valid for 10 minutes.

4.   On the Setup MFA page, enter the received verification code, and then click CONFIRM MFA SETUP


Note: If required, click Change phone number to modify the previously entered mobile number or click Resend to receive a new verification code. If the user clicks Resend within 10 minutes, the same verification code is received for the second time.

5.   On the MFA Setup Complete page, click CONTINUE



The Business Overview Partner landing page is displayed. 


Accessing the platform using MFA through a Text Message


To access the platform using Text Message


1.   Sign in to the StreamOne® Ion platform.


The Sign in page is displayed.



2.   On the Sign in page, enter the Username, Password, and then click LOGIN



3.   On the Setup MFA page, for the Text Message MFA setup, perform the following actions.


a. (1) select the Receive verification code via option Text Message from the dropdown list. 


b. (2) select the country code. 


Note: This page is displayed for the first Sign in attempt to setup MFA, and after reconfiguring MFA.  

c. Enter the mobile number to receive the Text Message with a verification code. 


d. After the details for the Text Message option are configured, click VERIFY


Note: A verification code is received via Text Message, that is valid for 10 minutes. 

4.   On the Setup MFA page, enter the received verification code, and then click CONFIRM MFA SETUP


Note: If required, click Change phone number to modify the previously entered mobile number or click Resend to receive a new verification code. If the user clicks Resend within 10 minutes, the same verification code is received for the second time.

5. The MFA Setup Complete page, click CONTINUE



The Business Overview Partner landing page is displayed. 


Accessing the platform using MFA through an Authentication App


To access the platform using Authentication App


1.   Sign in to the StreamOne® Ion platform.


The Sign in page is displayed.



2.   On the Sign in page, enter the Username, Password, and then click LOGIN



3.   On the Setup MFA page, select the Receive verification code via option Authentication App from the

dropdown list. The Setup MFA page is displayed with a QR code


Note: This page is displayed for the first Sign in attempt to setup MFA settings, and after reconfiguring MFA.  

4.   On your mobile download the Google or Microsoft authenticator mobile application. 


For more information, see Installing the authenticator application


5.   Using the Google or Microsoft authenticator application, scan the QR code, and then click VERIFY

Note: A verification code is received on the mobile authenticator application.
 

6.   On the Setup MFA page, enter the received verification code, and click CONFIRM MFA SETUP


Note: If required, click Change Authentication Method to use another authentication method. 

7.   On the MFA Setup Complete, click CONTINUE



The Business Overview Partner landing page is displayed. 


Installing the authenticator application

Microsoft Authenticator App
 

Complete the following steps to configure your mobile app. 

  1. Install the Microsoft Authenticator app for Android or IOS. 
  2. Open the Microsoft Authenticator app on your device. 
  3. Select (+) in the upper right corner. 
  4. Scan the QR code displayed on the screen using the camera of the device. 
  5. The Microsoft Authenticator app displays a six-digit verification code that is refreshed after every 30 seconds. 
  6. On the platform, when prompted to enable two-factor authentication, enter the verification code displayed on the Microsoft Authenticator app. 
  7. Verify if the code is accepted and that two-factor authentication is enabled for your account.


Google Authenticator app for Android or IOS 


Complete the following steps to configure your mobile app. 

  1. Google Authenticator App A picture containing graphics, colorfulness, symbol, font
  2. Open the Google Authenticator app on your device. 
  3. Select the (+) or (Add) button to begin the setup process. 
  4. Scan the QR code on the screen using the camera of the device. 
  5. The Google Authenticator app displays a six-digit verification code that refreshes every 30 seconds. 
  6. On the platform, when prompted to enable two-factor authentication, enter the verification code displayed on the Google Authenticator app. 
  7. Verify if the code is accepted and that two-factor authentication is enabled for your account.

Reconfiguring the MFA method

On the StreamOne Ion platform, and from the SETTINGS menu, Partners can modify for their users the MFA method or mobile number used to sign in.


To reconfigure the MFA method:


1.   Sign in to the StreamOne® Ion platform.


The Business Overview partner landing page is displayed.



2.   On the Business Overview page, in the top-right corner, click the Quick Access menu.



3. On the Quick Access menu, select the SETTINGS > Users tab.



4.   On the Users page, click the EDIT button.



5.   On the Edit User page, click RECONFIGURE MFA.



6.   On the Confirmation dialog box, click YES



A confirmation message is displayed. 


Note: Next time, when the platform is accessed by the Partner, the MFA method, and the mobile number can be modified.


1.  What is Multi-factor authentication (MFA)? 

Multi-factor authentication is a security measure that requires more than one method of authentication from independent categories of credentials to verify the user’s identity. This contrasts with single-factor authentication, which only relies on a single method, such as a password.


2.   How does MFA work?

To gain access to a system, a user needs to provide two or more pieces of evidence (or factors) from different methods to prove their identity.


3.   How secure is MFA?

Multi-factor authentication (MFA) is known for being the gold standard in security access. It helps protect sensitive accounts and data by requiring an extra layer of authentication such as a password, PIN, or One-Time Password (OTP).


4.  Why is a person’s mobile phone considered a security device, even though anyone can steal it?

A mobile phone is considered a security device because it can be used to receive one-time codes that are needed to log into an account. Even if someone steals your phone, they would not be able to log into your account unless they also had your password. So, although the one-time code would be sent to your phone, without being able to login to your phone’s account, they would not be able to receive it.


5. Why do we need MFA on StreamOne® Ion?

MFA will enhance StreamOne® Ion security by requiring users to identify themselves using more than one username and a password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. By using MFA, our Partners’ and their Customers’ digital assets are protected with an extra layer of security.


6.  Which are the different MFA verification methods used for StreamOne® Ion platform? 

You can use the following verification methods: 

7.   Which is the best MFA option, if I do not want to provide my personal mobile number? 

If you do not want to use your personal phone number for MFA, the best option is to use 

Microsoft or Google Authenticator App. This option requires you to install Authenticator App on 

your phone


8.   What is the best MFA option if I do not want to use my personal phone?

In this case, the best option is to use WhatsApp on your computer or tablet.


9.   How can I get MFA activated for my account and my customers?  

To activate MFA for your account users and/or for your customers you should open a support ticket requesting the MFA activation. Please consider that when you request the MFA activation for your account, all your account users will have MFA enabled at the same time. The same behavior will apply if you request MFA to be activated for one of your customers, which will cause all of their account users to have MFA enabled at the same time.

10. How long is an access code active? 

For SMS and WhatsApp services, the code will be active for 10 minutes if not used. For Authenticator App service, the code will be active for only 30 seconds if not used.


11. Can I use the same mobile number for multiple platform accounts using MFA? 

Yes, you can use the same mobile number to access multiple platform accounts using MFA, if you have multiple accounts. 


12. How often will I be requested to use MFA once activated for my account? 

MFA will always be prompted based on the following factors:

Points to remember: 

  • Client IP Address: If a user signs in from a different IP address, they are prompted for MFA. 
  • User Agent (Browser): If a user signs in from a different browser, they are prompted for MFA. 
  • Duration from last MFA: Irrespective of the Client IP address or Browser, the user is prompted for MFA, if the time lapse is more than 24+ hours since the last successful MFA. 
  • Invalid Code: User is limited to 5 attempts to input the correct verification code. After the 5th attempt, the user is restricted platform access for 10 minutes to prevent unauthorized access.


13. How can I change my preferred MFA method? 

You must request the Partner Administrator to reset your MFA settings to be able to choose a new MFA method. For the moment there are no self-service options for you to manage this change. After your MFA settings have been reset, you can choose a different MFA method during your next login to the platform.


14. How can I change the mobile number associated with MFA for my account? 

If you are a Partner’s user or a customer’s user, you must request the Partner administrator to reset your MFA settings to be able to provide a new phone number. For the moment there are no self-service options for you to manage this change. After your MFA options have been reset, you can provide a different phone number in your next login to the platform if you choose the SMS or the WhatsApp method. For more information, see Reconfiguring the MFA method


15. How can the Partner’s administrator reset MFA preferences for one of the Partner’s accounts or their customers’

accounts? 

When editing any platform account details, for a Partner user or a Customer user, there is an option named ‘Reconfigure MFA’ that resets MFA for that user, meaning that the user will be prompted to choose an MFA method in their next login. Please check our documentation for further details. For more information, see Reconfiguring the MFA method


16. How can MFA be deactivated for my account and my customers’? 

For deactivation of MFA for you and your customers you should open a support ticket requesting the MFA deactivation. Please consider that when you request the MFA deactivation for your account, all your account users will have MFA disabled at the same time. The same behavior will apply if you request MFA to be deactivated for one of your customers, all their account users will have MFA disabled at the same time