Multi-factor authentication (MFA)

MFA is an extra layer of security for FP&A accounts.

MFA goes beyond a simple ID and password challenge, requiring the user to provide additional credentials.

A FP&A Global Admin or Security Admin sets up MFA in two steps:

  1. Create a DUO account and set up DUO MFA.
  2. Enable DUO MFA in FP&A.

 Note:  FP&A requires the Traditional Duo Prompt. Duo Universal Prompt (DUP) is not supported.

1. Set up DUO MFA

You can set up applications in DUO if you are an Owner or Administrator of your DUO account. If you do not have an account, you’ll need to sign up for one. Then follow these steps:

  1. Sign in to your DUO account.
  2. From the Administration portal, in the sidebar click Applications.
  3. Click Protect an Application.
  4. In the applications list, locate WebSDK and get your Integration key, Secret key, and API hostname.

2. Enable DUO MFA in FP&A

 Caution:  

The following procedure turns on DUO MFA for all FP&A users. Once turned on, when anyone signs in to FP&A, the DUO sign-in appears (as shown above) and the user must choose a DUO authentication method. On their first sign in, they will be asked to enroll in DUO, which means approving their sign-ins on new devices.

Do not enable DUO unless you are certain all FP&A users are able to authenticate using DUO (users who can't will be locked out of FP&A).

If you are uncertain, check with your IT admins before turning on DUO.

  1. Log in to FP&A as an admin.
  2. Select > Security Manager.

  3. Select Tools > DUO Multi-factor Authentication.

  4. Type your Integration key, Secret key, and API hostname.
  5. Click Enable DUO.

  6. Click OK.

    DUO MFA is now turned on.

Change the Secret key

  1. Select Tools > DUO Multi-factor Authentication,
  2. Beside Secret key click .
  3. Add the new key and click OK.

MFA FAQ

Why use MFA?

MFA ensures that only the user of an account can get into it, even if the ID and password have been stolen.

Do I have to use MFA?

MFA is optional.

How does MFA work?

Prophix has partnered with Cisco and their DUO product, specifically DUO MFA. Once integrated with FP&A and turned on, DUO MFA requires the user to provide two different authentication factors in order to access FP&A.

Can I use DUO MFA if I am using SSO?

If you want to combine MFA with SSO, you must accomplish this through your SSO provider.

With DUO MFA, what does the user see?

After signing in to FP&A in the normal way, the user sees the DUO sign-in and must choose an authentication method: