Enabling Multi-Factor Authentication (MFA) in Sumac

Sumac supports Multi-Factor Authentication (MFA) to enhance the security of user accounts. MFA adds an extra layer of protection by requiring a second form of verification (such as a code from an authentication app) in addition to your password.

MFA can be enabled on an individual basis for users who wish to activate it voluntarily, or enforced organization-wide by administrators. Below are detailed instructions for both scenarios.

Enabling MFA for Individual Users

If MFA is not mandatory across your organization, individual users can enable it through their personal account settings.

Steps to Enable

1. Access your profile: Click the profile icon in the top-right corner of the Sumac interface.

2. Navigate to security settings: Under the "Account security" section, click "Signing in".

3. Start the setup process: On the "Signing in" page, locate and click "Set up authentication application".

4. Complete the setup: Follow the on-screen instructions to configure your authentication app (e.g., Google Authenticator, Authy, or Microsoft Authenticator). This typically involves scanning a QR code and verifying a test code.

Once setup is complete, MFA will be active for your next login. You can disable it later via the same settings if needed.

Enforcing MFA for All Users (Administrator Only)

To require MFA for every user in your Sumac database, administrators can enable it globally. This ensures consistent security without relying on individual opt-ins.

Prerequisites

- You must have administrator privileges in Sumac.
- Ensure all users have access to a compatible authentication app.

Warning
Multi-Factor Authentication (MFA) enforcement is not enabled for Sumac users with any type of activated webform.

Steps to Enable

1. Open the Utilities menu: From the main navigation, go to Utilities > Customize Database > Preferences.
2. Access CRM settings: Select CRM > System Security.

3. Activate MFA: Scroll to the bottom of the System Security window and check the box labeled "Activate Multi Factor Authentication for all users".
4. Save changes: Click "OK" to implement the setting. Existing users will be prompted to set up MFA on their next login.


Important Notes

1. After enabling global MFA, users without it configured will be unable to log in until they complete setup.
2. To revert, uncheck the box and save.