In this document you will learn how to require members of a specific programme to set up their Multi-Factor Authentication (MFA) login method in order to use the site.

Things to Consider

1. You should read the member facing MFA article, as this will give you an idea of the user journey your employees will go through to setup MFA.
2. You should consider whether you have a significant employee population without access to smartphones/desktop, as they will not be able to use MFA in this case. 
3. You should consider the impact to the user journey, as once MFA is enabled, the user will need access to an authenticator app (either on a smartphone or desktop), each time they want to access the RG website.

Setup

This option is found under “Security” in Reward Manager’s sidebar. Search for the scheme you want to edit, in the search bar at the top:

Note: If you can't see the "Security" option, check you have rights to edit a scheme’s Security settings. You may have to raise a support ticket via Zendesk for this.

After you have found and selected the desired scheme, head over to the “Login Challenges” section:

The option to look for next is “Enforce Multi-Factor Authentication?”. You should see the status of the option currently, whether it’s enabled or not as the checkbox labelled "If selected, members will be required to set up their Multi-Factor Authentication". You can enable or disable enforced MFA for this programme using this checkbox.

Enabling this option will require the programme's members to have MFA enabled on their accounts. To have fine-grained control of which members need to use MFA, you can place them in a Segment. Segments are configured within the Segment Manager.

You can also enter a message that you want your employees to see when they reach the MFA sign up page. This can give your employees better clarity on the reasoning behind enforcing them to use MFA.

Changes to the Login User Journey

Once MFA is enforced, members that have not set up their MFA will be asked to do so as soon as they are logged in -- the others who have previously set it up will be unaffected.

Keep in mind that turning this option on will take effect immediately on all members. This might interrupt some of the members’ actions on the website -- their next click or action on the site will bring them to the MFA setup page if they haven't setup MFA yet.

Disabling the option will not affect any MFA methods already set up by members, it will only remove the requirement for setting it up to use the website.