Web Portal - MFA Guide
A guide to setting up multi-factor authentication for your organization's users in the Web Portal interface.
Multi-factor authentication (MFA) is a commonly used method of online security. It requires a user to first input their username and password and then input a code generated by a third-party app on a device the user has previously designated. This means that to access a user’s account, someone must have the username, the password and the authentication device available, which increases the security of the account.
MFA can now be enabled for use when logging onto the Innova Web Portal and the Innova Phone App. Additionally, if your Well Seeker Pro server database is hosted within Innova’s infrastructure, MFA can be enabled for use when logging onto a Well Seeker Pro server database.
This document will guide the user through the various use cases, which differ slightly based upon the organization’s user management system (Innova, Okta or Azure AD).
MFA is turned off by default. It is up to an organization’s admins to turn on MFA for their existing users, if they desire to use this security feature. This is done via the User Management page in the Innova Portal.
To access the User Management page, log in to the Innova Web Portal, using credentials that have the Admin permission enabled. Open the main menu and select User Management and then Users.
MFA settings are managed on a user-by-user basis. Before changing any settings, check the Auth Type column.
If the Auth Type column displays an Azure AD icon or an Okta icon, then your organization’s user credentials are managed using Azure AD or Okta, respectively. In this case, the password and MFA management functions in the Innova Portal will have no effect.
If the Auth Type column displays an Innova icon, then user credentials are managed in the Innova Portal and the admin will be able to use the below functions to control the user’s MFA status:
- MFA Enabled: Click the button in the MFA Enabled column to toggle MFA on for that user. The user can then follow the steps in Section 3 below to set up MFA on their secondary device. The button will display green when MFA is enabled for the user.
- Reset MFA Device: Click on the icon to the left of the User Name column and then select Reset MFA device from the menu that appears. Once selected, a second dialog will open requiring user confirmation of this action. Select YES to continue, or NO to cancel the process. Once reset, the user will need to set up a new authenticator the next time they log in to the Portal, app or Well Seeker.
- API User: Toggling the API User function on prevents a user from using MFA, and ensures that they can log in using their username and password only. It also prevents the MFA Enabled option from being toggled on. If MFA was previously enabled for the user, it will automatically be deactivated. The button will display green when API user is enabled.
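An added example (not Innova's own code) of auditing the settings described above. It assumes a hypothetical CSV export of the User Management table with the constructed column names user_name, auth_type, mfa_enabled and api_user, and reports which accounts can still log in with a password alone.

```python
import csv
import io

# Constructed sample; the CSV export and its column names are assumptions.
SAMPLE_EXPORT = """user_name,auth_type,mfa_enabled,api_user
alice,innova,true,false
bob,innova,false,false
svc-reporting,innova,false,true
carol,okta,false,false
dave,azure_ad,true,false
mallory,innova,true,true
"""
EXTERNAL_IDPS = {"azure_ad", "okta"}


def _flag(value):
    return value.strip().lower() in {"true", "yes", "1"}


def classify(row):
    """Return the login requirement for one user row, per the rules above."""
    auth = row["auth_type"].strip().lower()
    mfa, api = _flag(row["mfa_enabled"]), _flag(row["api_user"])
    if auth in EXTERNAL_IDPS:
        return "external"       # Portal toggles have no effect; check the IdP
    if api and mfa:
        return "inconsistent"   # API User should have forced MFA off
    if api or not mfa:
        return "password_only"  # no second factor at login
    return "mfa"


def audit(csv_text):
    """Map each status to the sorted user names that fall under it."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        report.setdefault(classify(row), []).append(row["user_name"])
    return {status: sorted(users) for status, users in report.items()}


def mfa_coverage(csv_text):
    """Fraction of Innova-managed users who must present an MFA code."""
    report = audit(csv_text)
    managed = sum(len(u) for s, u in report.items() if s != "external")
    return len(report.get("mfa", [])) / managed if managed else 0.0


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT), f"coverage={mfa_coverage(SAMPLE_EXPORT):.0%}")
```

Accounts reported as external need their MFA policy checked in Azure AD or Okta, since the Portal toggles do not apply to them.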
If MFA has not been enabled then the user will log in as usual.
If MFA has been enabled, one of two scenarios will occur:
1. This is the first time a user is logging in after MFA has been enabled, or the MFA authenticator has been reset:
   a. The user must register an MFA device. This must be done via the login page for the Innova Web Portal. It cannot be done in the App or Well Seeker.
   b. The user inputs their username and password.
   c. The below screen will appear (for Okta and Azure AD organization users, a similar app-specific version will appear).
   d. Open an authenticator application on a chosen device, and scan the QR code (see the relevant authenticator app’s documentation for details on how to do this). A row named Innova Drilling & Intervention will be added to the authenticator app in question, which will generate a six-digit code at a pre-determined time interval. Input this six-digit code into the six cells displayed below and select SUBMIT MFA.
   e. If correct, the user will be logged in.
If a user attempts to log in to the Innova Phone App or Well Seeker Pro before registering an MFA device, they will receive a warning message.
2. An MFA device has already been registered:
   a. The user inputs their username and password.
   b. The below screen will appear (for Okta and Azure AD organization users, a similar app-specific version will appear).
   c. Open the authenticator application on the registered device. Input the six-digit code from the row Innova Drilling & Intervention into the six cells displayed below and select SUBMIT MFA.
   d. If correct, the user will be logged in.
The above process will also occur in a comparable order when logging into the Innova Phone App. Where an organization’s Well Seeker Pro server database is hosted within Innova’s infrastructure, this will also occur when logging onto the server database in Well Seeker Pro.