- What is it
- MFA - Multi-Factor Authentication
- SSO - Single Sign-On
What is it
Besides the Single Sign-On (SSO), we have implemented a Multi-Factor Authentication (MFA) system at Crewhu to ensure the authenticity of the users' access and provide a balanced, secure, and reliable ecosystem for all our customers.
You, as the account admin, can choose to set SSO and/or MFA as mandatory for all employees or not.
MFA - Multi-Factor Authentication
When logging into Crewhu, users who have MFA enabled in their profile must inform the security token, generated from a mobile authentication app, to access their account. Inserting the token correctly, access to the Platform will occur normally.
How to set it
If you made the MFA mandatory, and the employee hasn't enabled it in his profile yet, his access will be restricted to the User Profile page. From there, he will be able to activate it in his profile and use all Crewhu's features.
Refer to this article to know How to enable MFA in your profile;
In order to make MFA mandatory for all users of the company, you need to go to the Company Profile page and then check the option “MFA mandatory”:
Making MFA mandatory will force all company users (including Admin users) to enable MFA for their accounts and they will not be able to browse and use Crewhu features until they do.
If the user loses or no longer has access to the device where the authenticator app is installed, he can use one of the backup codes - which are generated during the MFA enable process - to gain access to Crewhu and, so then, reset the MFA configuration.
When a backup code is used, it will be invalidated. Thus, the user can no longer use this code specifically.
Resetting the MFA
It is possible for the user to reset the MFA configuration so that he can, for example, install the authentication app on another device. To do this, he needs to go to the “User Profile” page and click on the “Reset MFA” button.
Resetting the MFA will disable the previous configuration. Therefore, the codes generated by this old configuration will no longer work.
SSO - Single Sign-On
We implemented authentication via SSO, which allows the user to access Crewhu through the credentials of a Microsoft account (corporate or personal). Besides, you can make this feature mandatory for all your employees.
How to set it
In order to make SSO mandatory for all employees of your account, you have to access the Company Profile page and check the option "Force SSO for my company users":
If one or more users of the company do not have the MS credential or the user Crewhu (email) is different, the user will not be able to access the platform.
Registering with SSO
When the user is added to Crewhu (regardless of the user type), he will be able to use his credentials (user and password) from the Microsoft account to register and access the platform, without the need to create a user and a specific password on Crewhu.
When you invite the employees to join the account, an email is sent to them with a link to finalize their registration. On this page, the user can use the “Signup with Microsoft” button and create an account with this credential.
Refer to this article to know How to login using SSO - Single Sign-On.