Creating An Authentication Set

Authentication sets are used to control the methods allowed to users. These are also where you can attach PIN profiles, controlling end users' log-in/out experiences.

Creating an Auth Set

1. In your MFA Admin Portal, go to the Sets tab.

2. On the left-hand side, click "New Set".

3. In the new pop-up window:
   3a. Name your new auth set.
   3b. (Optional) Give your set a description. This example uses some shorthand of the assigned authentication methods for quick reference of what methods the set contains.
   3c. Under the Methods for Primary Access section, select your authentication methods from the drop-down and click "Add Method".

   Methods can be prioritized by clicking the added method and then clicking the up or down arrows.

   
   

   3d. (Optional) Under the Methods for Secure Workflow section, you can add only one method. Generally, this method would be "Question and Answer" or "Emergency Access" as it's usually referred to. See the bottom of this article for more on Secure Workflows.
   3e. When finished, click "Add".
   

4. You should see your new set appear in sets list.
   

Attaching a Custom PIN Profile

1. Click "Edit" for your authentication set.
   

2. In the Edit Authentication Set window, click "Edit Profiles..." in the bottom-right.
   

   
   

   2a. Use the drop-downs to select your custom PIN profile if you've created one.

   If you need to create a custom PIN policy and profile(s), please see our Creating A PIN Policy article.

   

   
   

   2b. Click "Save".

Assigning Set to a User

1. Navigate to the Users tab.
2. Look up your user and click their name to bring up their User Information Page.
3. Click "Edit User".
4. In the Edit a User window next to Authentication Set, use the drop-down to select your authentication set. Click "Save".
   

Secure Workflow

By default, this setting is enabled.

Secure Workflows require the user to answer the defined secure workflow method, which is usually Emergency Access/Question & Answer, before being permitted to perform secure workflows—Unblock Card, Change Q&A, Replace Card—within the User Portal. Even with Secure Workflows enabled, the user can perform changes to personal settings.

For example, Change PIN requires the user to validate their current PIN before changing it to a new one. On the contrary, Unblock PIN or Reset PIN assumes the user cannot validate their current PIN because it is blocked.

In this scenario, setting a new PIN would be considered a “secure” workflow. It is similar to the difference in Active Directory between a user changing their password versus resetting the password.