Overview

Use this article to learn more about the Multi-Factor Authentication (MFA) setup for System Five on Cloud.



For Password Reset see: MFA - Forgot / Reset Cloud Password or Account Locked Out


What is MFA?

MFA is a system that combines something you know (your password) with something you have (an authentication device, normally your phone). This means that to compromise your account, an attacker would need both of these things, dramatically raising the barrier to entry.

Why are we implementing this?

MFA is an important line of defence against unauthorized access to our systems. If a hacker manages to obtain your password through a phishing attack, they would also have to answer a multi-factor authentication challenge, which they almost certainly couldn't do.

As a bonus, this added level of security allows us to offer the ability to reset your password (provided you have access to your second factor) without contacting Windward Support.

What do I need?

If you have access to a smartphone where you normally use System Five on Cloud, Microsoft Authenticator is the best way to get access.

Alternatively, for those who don't have access to or prefer not to use their smartphone, we also offer the ability to send authentication codes by email.

First-time setup

To enroll for MFA, on any computer, go to

Choose to use Microsoft Authenticator or Email for verification. 

To Use Microsoft Authenticator:

If you have not already installed Microsoft Authenticator on your phone, install it from here:

iPhone: https://apps.apple.com/app/microsoft-authenticator/id983156458
Android: https://play.google.com/store/apps/details?id=com.azure.authenticator

  1. a. If you are in North America, go to https://na.windwardoncloud.com and log in with your na.windwardoncloud.com username and password.
    b. If you are in Australia, go to https://au.windwardoncloud.com and log in with your au.windwardoncloud.com username and password.
  2. Choose Microsoft Authenticator when prompted to add Microsoft Authenticator to your account.
  3. Open Microsoft Authenticator on your phone.
  4. Choose the plus button in the top right.
  5. Tap Other (Google, Facebook, etc.)
  6. Scan the QR code on your computer screen.
  7. On the next page, enter the code below the entry yourusername@NA or yourusername@AU. You may need to scroll down to see it.
  8. Click Confirm, and you are enrolled!
  9. It is also recommended that you Generate Backup Codes to ensure you can still log in if you lose your device.

Email

  1. a. If you are in North America, go to https://na.windwardoncloud.com and log in with your na.windwardoncloud.com username and password.
    b. If you are in Australia, go to https://au.windwardoncloud.com and log in with your au.windwardoncloud.com username and password.
  2. Choose Email Verification when prompted.
  3. Enter the email address that you want the verification email to be sent to and click Send Code.
  4. Make sure noreply@windwardsoftware.com is whitelisted in your spam filter so that you receive codes.
  5. Enter the code sent in the email.
  6. Click Verify Code, and you are enrolled!
  7. It is also recommended that you Generate Backup Codes to ensure you can still log in if you lose your device.

Generating Backup Codes

We recommend you generate backup codes for your account. In the event you lose your authenticator, you can use a backup code to log in and change your authenticator. To do this:

  1. Log in to your site: North American users select North America Site (NA); Australian users select Australia Site (AU).
  2. Enter the code on your authenticator.
  3. Under MFA Recovery, choose Generate One-Time Use Backup Verification Codes.
  4. Copy these codes to a safe place.
  5. We recommend using a password manager to securely store these codes. Be sure not to keep them on the same device you use as an authenticator!

Logging in

Once you are enrolled in MFA, when you log into an MFA-enabled machine, you will be presented with a window similar to this: 

Check your email or smartphone app for your 6-digit code and enter it in the box.

Enter the 6-digit code displayed and click Continue. Your login will proceed.

Changing your Authenticator

If you need to change which device has your authenticator code, or which email address codes are sent to, you can change that like so:

  1. Log in using your username and password.
  2. Enter the code from your authenticator (if possible), or click Use Backup Code if you cannot.
  3. If you are using Microsoft Authenticator:
    1. Click the pencil icon under Microsoft Authenticator
    2. Choose Change Phone.
    3. Follow the instructions on your new phone.
    4. Your new phone is now your active authenticator.
  4. If you are using email:
    1. Click Add Email under email verification
    2. Add the new email address and click Send Code
    3. Enter the code you received at your new email address. Be sure to check your spam folder.
    4. If you no longer have access to your old email address, or no longer wish to receive notifications there:
      1. Click the pencil beside the old email address
      2. Choose Remove Email.

I've lost access to my authenticator. What do I do?

Follow the instructions above for Changing your Authenticator if you have access to your backup codes. 

If you don't have backup codes, contact support.

My app won't let me scan the QR code

  1. If you have an iPhone, you may have denied the Authenticator app camera permissions. To fix this, go to Settings → Privacy → Camera and make sure Authenticator is set to ON.
  2. Sometimes poor lighting or a dirty camera lens can prevent the QR code from scanning successfully. If wiping the lens or improving the lighting does not resolve the issue, you may need to enter the code manually.

I receive "Your account is not enrolled for Multi-Factor Authentication" and cannot log in.

If you are receiving this message:

then MFA has been enforced on your account but you have not yet set up the service. Please follow the instructions above for First-time setup to enable login.