Skip to main content
Contract Eagle MFA

Contract Eagle MFA provides Authentication App security to Contract Eagle's built-in password protocol.

C
Written by Contract Eagle
Updated over 2 months ago

Audience: System Administrators

SCOPE:

This MFA feature only applies to Contract Eagle's built-in password protocol. If you organization uses Single Sign On (SSO) for Microsoft Entra, the MFA is configured within Microsoft Entra itself.

What is Contract Eagle MFA?

Contract Eagle MFA (Multi-Factor Authentication) uses an Authentication App installed on your users' smart phones to provide a second form of authentication in addition to their Contract Eagle Password.

Supported Apps? Any standard authenticator app will do eg. "Microsoft Authenticator", "Google Authenticator" and "Authy".

Why use this? Your system becomes more secure when you use MFA.

Can I enforce it? Yes, you can change the MFA policy to "force". More details below.

Enforced or Optional MFA

You can choose whether to enforce MFA for your organization, or whether to leave it on the offer setting, which is the default.

To change this setting:

  1. Open the System Preferences screen from the Admin > System Preferences menu option.

  2. Select the Password Policy tab.

  3. Change the Multi-Factor Authentication enforcement mode from the drop down.

  4. Click Save to save the changes

You can change this setting to:

  • Optional: users can opt-in and/or disable MFA from the Manage Multi-Factor Authentication option on their Profile.

  • Offer: users will be prompted to set up MFA when they initially login. They can choose to decline, which will hide the prompt for a period. They can choose to set up or disable MFA from their Profile at any time.

  • Force: users will be prompted to set up MFA when they initially login. They must setup MFA and cannot disable MFA.

Note:

If you select the "Force" option, all users of Contract Eagle will require access to an authenticator application on their mobile device.

Disabling MFA for a User

If a user who has previously set up MFA is unable to access their authenticator application (eg: they lost their phone), their MFA settings can be reset by disabling MFA.

  1. Open the Maintain User screen from the Admin > Maintain Users menu option.

  2. Locate the user.

  3. Click the Actions button next to the user and from the drop down select the Manage MFA option.
    โ€‹

  4. On the following screen, click the Remove MFA button and then click OK at the confirmation prompt to disable MFA for the user.

The user will then be able to login using their username and password without requiring additional validation.

Disabling MFA for a System Administrator

If a System Administrator requires MFA to be disabled and no other users at your organization have permission to do this, please email support@contracteagle.com.

Did this answer your question?