Configuring Multi-factor Authentication

Enterprise digital resources should require authentication, where a user supplies their identity and evidence to prove the authenticity of that identity. Single-factor authentication is typically a simple password; however, a password can be stolen, guessed, or brute-forced with many attempts.

Therefore, we recommend MFA, where a user must supply at least two pieces of evidence: something they know (e.g., a password), something they possess (e.g., a smartphone), and/or something they are (e.g., a fingerprint).

A common practice is to install a third-party authenticator application that displays a random and constantly refreshing number or code, which the user enters for authentication. Some password managers also offer this service.

VGS is continuously looking for ways to improve security and minimize risk to our users, including for identity management. Our Identity and Access Management (IAM) system supports WebAuthN so you can easily and securely authenticate your MFA login with a single tap.

You can select which authentication method you prefer for login, including a one-time password (OTP) credential, a WebAuthn credential, or a password-less login (e.g., just WebAuthn). You can have multiple OTP devices and/or multiple WebAuthn devices. You can select which type of device to use during login, and which specific device to use.

OTP is a widely used industry standard for MFA. Its passwords (codes) have an incredibly short lifespan, and they are safer to use than SMS or other IAM solutions.

It is quick and easy to set up OTP. VGS makes sure that transitioning from your existing MFA solution to OTP is painless.

There are two simple steps:

• When you log into the VGS Dashboard, enable one-time password (OTP)

• Create a new password for your Dashboard

Each of these changes is followed by an email confirmation, a Dashboard notification, and a message in your customer channel.

Once you submit credentials (username/password) that are successfully validated, you are then led to the next factor for validation, which is when you enter your OTP.

Forced MFA Policy

MFA is enabled automatically for all users if the corresponding requirement is set on the organization level.