The eLynx application supports two methods to increase the security of access to the application.
- SSO or Single Sign On - Uses Azure Active Directory to link your eLynx account to your corporate identify.
- MFA (or commonly referred to as 2FA) - Multi-factor Authentication where you use a second "factor" to prove your identity to the system.
Your company can enforce a higher level of security by enforcing SSO or MFA for all accounts accessing the system.
Within the eLynx Application SSO is considered the "higher" priority and if enabled is enforced. If SSO is not enabled MFA can be used to increase the security of your account. MFA is available to all user accounts, but can optionally be required for all user accounts unless SSO is enabled.
If MFA is required when you first setup and login to your account (either initially, or the first time you login after MFA is marked required) you will receive an e-mail to your login e-mail address with a code that you must enter to complete the login process. Once you are initially logged in you have the option of creating and setting up an authenticator application to generate codes rather than relying on e-mail.
The following is a walkthrough of what that first login process looks like:
When creating a new user account the new user will be sent a welcome message that includes a link that the user must click to acknowledge their e-mail address and create their initial password.
When the user clicks on the link they will be prompted to enter their e-mail address and their initial password:
If MFA is enforced for the customer the system will immediately prompt for an OTP (One time password) code and will e-mail a message to them with that code:
The e-mail message received will look like this:
Enter the 6 digit number (blacked out in the image above) into the One Time Password field in the login screen and click the "Sign In" button to complete the login process.
If you did not receive a code (or waited past the expiration time of the code in the initial e-mail) there is an option on the login screen labeled "Click Here" that will send a new e-mail with a new code.
The system will challenge you and ask for an OTP on each device and each browser you use periodically, each time challenged you will need to enter the correct OTP to login. These codes cannot be re-used, you will get a new e-mail with a new code each time you are challenged.
Once you have logged in to the system you now have the option of setting up an "authenticator" application that is capable of generating and displaying the correct OTP code. While there are many such applications available, eLynx has tested three of the most popular. Microsoft Authenticator, Google Authenticator and Authy. These applications are considered more secure as the codes "rotate" more often, and the codes are not being sent via e-mail, rather, they are generated right on your device.
To setup your account for use with an authenticator app, or to enable MFA if your company does not require, but you still wish to use MFA login to the application and then go to your user profile.
Once the profile screen opens scroll down to near the bottom of the screen and you will see a setting labeled "MFA Source" which will be defaulted to e-mail if your company requires MFA or None if MFA is not required.
Select the setting for "Authenticator App" and the system will display a QR code which you can scan with an authenticator app to set your account up for use with authenticator OTP codes.
You will see a screen similar to the following:
After you scan the QR code your authenticator app will begin displaying codes for the eLynx application. You will need to enter a displayed code into the OTP Verification Required box to confirm a successful scan of the code. Once you have setup the authenticator and entered the OTP Verification code scroll to the bottom of the screen and press the "Update User Profile" button to save the change.
Please note that if you are not able to scan the QR code for some reason you can click on the "Show Manual Connection Detail" link and a text box will appear with a long alpha-numeric code that you can copy and paste into your authenticator apps "manual" setup screen.
One final note, if you have configured an authenticator app, and you no longer have access to it an account administrator can switch your account from authenticator back to e-mail verification.
For users with access to multiple customers (3rd party integrators etc.) please note that the authenticator app applies to all customers which require MFA, you do not need to setup codes for each account.