Configuring and Enforcing Multi-Factor Authentication
Virtru assumes that authentication provided by the identity provider through the SAML assertion is backed by MFA. A login through the identity provider's SAML assertion is therefore considered by Virtru to be a multi-factor login. For this reason, it is highly recommended that organizations enforce MFA at the identity provider before configuring and enabling SSO for Virtru authentication.
Organization administrators should follow their identity administrator’s instructions for setting up and enforcing MFA.
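One way to confirm that this assumption holds for your identity provider is to inspect the AuthnContextClassRef in a SAML response captured from a test login. The following is an added example, not Virtru's code; it assumes the IdP reports the authentication method in that element, and the set of class references treated as MFA and the sample responses are constructed assumptions to adjust to what your IdP emits.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumption: class refs your IdP emits for a multi-factor login; adjust per IdP.
MFA_CLASS_REFS = {
    "https://refeds.org/profile/mfa",
    "http://schemas.microsoft.com/claims/multipleauthn",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
}
REF_PATH = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"


def audit_authn_context(saml_xml: str) -> dict:
    """Report which authentication context a decoded SAML response asserts.

    Audit aid for responses captured from your own test logins. It does not
    verify signatures and must not be used as an access-control check.
    """
    root = ET.fromstring(saml_xml)
    statements = root.findall(".//saml:AuthnStatement", NS)
    refs = [(el.text or "").strip() for el in root.iterfind(REF_PATH, NS)]
    # Every AuthnStatement must carry an MFA class ref; a missing one fails.
    mfa = (bool(statements) and len(refs) == len(statements)
           and all(r in MFA_CLASS_REFS for r in refs))
    return {"class_refs": refs, "mfa_asserted": mfa}


def sample_response(class_ref: str) -> str:
    """Build a constructed, unsigned sample response (not a real capture)."""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        '<saml:Assertion><saml:AuthnStatement><saml:AuthnContext>'
        f'<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>'
        '</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>'
        '</samlp:Response>'
    )


PASSWORD_ONLY = sample_response(
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
MFA_LOGIN = sample_response("https://refeds.org/profile/mfa")

if __name__ == "__main__":
    for name, xml_doc in (("password-only", PASSWORD_ONLY), ("mfa", MFA_LOGIN)):
        print(name, audit_authn_context(xml_doc))
```

A password-only class reference in a test login's response means the IdP policy is not yet enforcing MFA for this application and should be corrected before SSO is enabled.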
Registering an MFA Device for the First Time
1. Ensure the organization has SSO configured and enabled and that the user has a hardware MFA device available that they wish to register.
2. Log out of the Control Center, or if not logged in, go to the Control Center URL, which redirects to the login page.
3. On the login page, use the “one-time verification link” form to enter and submit the email address of a user who is an identity administrator (all Virtru administrators have the identity administrator privilege).
4. The user should receive an email with a link. Open the link in the same browser that was used in the previous step.
5. The page should prompt the user to register an MFA device. Follow the instructions on the page to register a hardware MFA device.
6. The page will then prompt for verification of the MFA device. Follow the instructions on the page to verify the hardware MFA device.
7. Login should proceed and load the Control Center application.
Logging in Using a Registered MFA Device
1. If the active SSO configuration is incorrect or invalid, all of an organization’s users will be unable to log in to Virtru services because federated OAuth will be disabled and SSO will not be working. The only way to reach the Control Center to deactivate or change the SSO configuration is to log in using email authentication paired with MFA.
2. On the login page, use the “one-time verification link” form to enter and submit the email address of a user who is an identity administrator (all Virtru administrators have the identity administrator privilege).
3. The user should receive an email with a link. Open the link in the same browser that was used in the previous step.
4. The page will then prompt for verification of the registered MFA device. Follow the instructions on the page to verify the hardware MFA device.
5. Login should proceed and load the Control Center application.