INSZoom - Multi-Factor Authentication (MFA)
This article details how INSZoom Firm Admins can subscribe to and manage Multi-Factor Authentication (MFA) in INSZoom for Case Managers, Corp and Foreign National users.
What is Multi-factor Authentication (MFA)?
Multi-factor Authentication (MFA) essentially adds an additional layer of security to your online accounts. Verifying your identity using a second factor of authentication such as your phone, or security token prevents anyone but you from logging in to an application such as INSZoom, even if they know your password. Passwords are increasingly becoming easier to compromise, whereas MFA is separate and independent from your username and password. Thus, even if the password is compromised, no unauthorized person will be able to access the application using your login credentials. Looking at the new workforce and the nature of work, which is becoming more remote day by day; even technology giants have realized the importance of using a second form of authentication to grant access to their applications.
What does it offer?
Multi-factor authentication service enhances login security for all INSZoom users of your Firm and your clients. It provides additional security by requiring a second form of authentication such as a push message on a phone, passcode, security key, etc. to login to the INSZoom application.
Multi-factor Authentication offers the following values to users:
- Improved Security- It adds layer of security, keeping user accounts secure even if the password is compromised or hacked by an unauthorized entity.
- Increased Flexibility and Employee Productivity- INSZoom users can securely access the application from virtually any device or location without any risk of identity theft or unauthorized access.
- Easy to Use, Fast, and Reliable- One-touch authentication using push messages on the phone and/or security keys such as ‘YubiKey’ is quite swift and provides a fast way for users to securely log in INSZoom.
- Highly Scalable- New users, clients, and devices can easily be added benefits from this secure technology without requiring any significant effort, IT infrastructure change, or training.
Getting Started with Multi-factor Authentication
- Multi-factor Authentication is a Subscription feature and thus, INSZoom superusers/administrators of your firm need to subscribe to the feature from the INSZoom Subscriptions module to let users get started with Multi-factor Authentication.
- Once Multi-factor authentication is subscribed and enabled, users can start using Multi-factor authentication from their added devices or ‘YubiKey’ security keys after one-time enrollment of their mobile devices or security keys.
How does it work?
Multi-factor Authentication fundamentally has a simple three-step process:
- Subscription: The Superuser/administrator subscribes to MFA from the subscription module.
- Configuration & Enablement: Superuser/administrator selects and configures MFA for their Firm’s INSZoom users.
- Enrollment: Users register their device or security key to verify their identity and securely access the INSZoom application.
How to enable and use Multi-factor Authentication?
Subscription and Setup for Multi-factor Authentication
A. Subscription:
INSZoom Superusers from the Firm can subscribe to Multi-factor Authentication from the Main navigation menu, hover over Setup > Click on Subscriptions.
Navigate to the Security and Privacy category and click on the ‘Subscribe’ button for MFA.
The INSZoom accounts team will get in touch with your organization to confirm the subscription request and activate the feature for your organization.
After Multi-factor Authentication is subscribed and activated for your organization, you may click on "MFA" in the Subscriptions module to manage the Subscription Plan, Configuration, Enrolled Users, and monitor usage.
B. Enabling MFA for Case Managers and Corporations:
After Multi-factor Authentication is subscribed and activated for your organization, you could enable MFA for all Internal staff/ Case Managers and/or Corporations and foreign Nationals. While enabling MFA for Corporate Users and Foreign Nationals, you could choose to enable MFA for all your Corporate clients or Users of specific Corporations.
B.1 Case Managers: MFA can be enabled for all the case managers in your Firm by clicking on the ‘Enable for All Case Managers’ button.
B.2 Vendor Case Managers: MFA can be enabled for all vendor case managers by clicking on the button ‘Enable for All Vendor Case Managers’.
B.3 Corporation Users and Foreign Nationals: You could enable MFA either for all Corporate customers or specific customers.
B.3.1 All Corporations and Foreign Nationals: Choose this option if you intend to enable MFA for all your Corporate clients. If selected, this provides an option to enable MFA for Corp Users and/or Foreign Nationals.
a. ‘Enable for All Corp Users’ This enables MFA for Corp Users of all Corporations.
b. ‘Enable for All Foreign National(s)’- This enables MFA for Foreign National Users of all Corporations.
B.3.2 Specific Corporation and Foreign National: Choose this option if you intend to enable MFA only for specific Corporate clients. If selected, this provides an option to enable MFA for Corp Users and/or Foreign Nationals of specific Corporations.
You can select a specific corporation from the drop-down and add it to the list of corporations for which MFA needs to be enabled.
B.4. Count of Total Users Enabled: Firm administrators can keep a tab on MFA enabled user count with the help of a counter available in the Configuration section for all user roles such as case managers, vendor case managers, and/or corp users, foreign national users.
B.5 List of Enrolled Users: After MFA is enabled for your organization, the case managers will receive an email alert notifying them that MFA has been enabled for their INSZoom account. This alert essentially invites the case managers to start enrolling their devices or security keys to act as an additional layer of security for authentication. Administrators can look at the list of all users who have enrolled their devices or security keys using the ‘Enrolled Users’ section. This also includes the utility to search for users by Name/Organization.
Corp Users and Foreign Nationals are provided with On-screen instructions about device enrollment upon the first login attempt post-MFA enablement.
B.6 Reset MFA Enrollment: There can be scenarios where the MFA enrollment of an enrolled user may need to be reset. A few of such scenarios are-
- The enrolled user needs to change the second form of authentication from his/her mobile phone to a security key such as ‘Yubikey’.
- The enrolled user has changed his/her mobile device or mobile phone number.
- The enrolled user has reset his/her mobile device.
- The enrolled user’s INSZoom account has been deleted.
In such cases, INSZoom superusers/administrators can choose to Reset/Delete the MFA enrollment of the enrolled users. You can click on the ‘Reset MFA Enrollment’ button against the specific user’s name to reset the MFA Enrollment.
B.7 MFA Usage Tracking: The 'MFA usage' interface provides visibility for the Firm admin to view the MFA License Count, Total number of MFA users enrolled, and Unutilized MFA licenses. The MFA License Count is the same as the contracted MFA license subscribed by the Firm.
When a firm utilizes all the subscribed MFA licenses, users who are MFA-enabled, but not currently enrolled will not be able to enroll their devices; however, these users will be allowed to bypass MFA registration and be able to log into the INSZoom application (with single-factor authentication). Users who are MFA-enabled and have successfully enrolled will continue to be enforced with MFA.
Note: To resume MFA registration and enrollment for enabled users, you must increase your Firm's subscribed MFA licenses.
B.8 Email notification to Firm Admin on MFA usage: Firm Admins or Case Managers marked as Billing Contact will receive email notifications when the MFA License usage reaches 80% and 100% of the total subscribed MFA Licenses.
B.9 Recycling of MFA license of disabled user accounts: MFA license can be reused anytime an enrolled user is disabled/deactivated. INSZoom application will automatically reset the respective MFA seat for a user in the following scenarios:
- INSZoom Case Manager/Vendor Case Manager user account is disabled.
- Foreign National/Client portal access is disabled or the Foreign National record is inactivated.
- Corp User portal access is disabled or the Corp user record is inactivated.
To learn how to enroll with Multi-Factor Authentication (MFA) as an INSZoom user, please click here.