MFA user guide

Last updated March 2024

Overview

Logicly’s authentication system now supports Multi Factor Authentication (MFA).

Logicly login screen on mobile device

MFA is an additional layer of authentication that works by requiring users to provide verification information (via a device they have) in addition to their email address/password (which they know) when logging in. Taken together these multiple “factors” are used to verify the user. Logicly’s authentication system supports a variety of additional factors, including:

  • Push notifications

  • One-time passwords

  • Security Keys

Purpose

Given the realities of today’s security landscape and regulations, MFA is a simple but effective additional layer of verification to protect against malicious access to sensitive data, should email addresses and passwords become compromised.

Audience

Users are required to use MFA for access to a Logicly hosted system.

Security

In order to be compliant with current best practices in security standards MFA is in the process of being implemented across all Logicly applications.

Getting started

MFA is required each time an MFA enrolled user logs into a Logicly application. While there are a variety of MFA apps compatible with our system, the instructions below will guide you through setting up MFA on your mobile device using either the Auth0 Guardian app or Microsoft Authenticator apps.

The Auth0 Guardian app has the benefit of generating a push notification to your device and therefore reduces the number of steps required to complete the MFA process.

Microsoft Authenticator is commonly used, especially in corporate environments, so has the benefit that it may already be installed. Note that it only supports time-based one-time passwords (TOTP) with the Logicly authentication system. If you prefer push notifications please use the Auth0 Guardian app.

Alternative TOTP based MFA code generator apps can be used such as Google Authenticator, Authy, and 1Password.

For those that would prefer to not use an application on their mobile device at all, hardware security keys such as the yubico Security Key may be used as an additional factor instead. Note that Logicly does not supply hardware security keys. These must be sourced from your organisation or personally. If you already have a hardware security key it is possible to use the same key with multiple systems.

Auth0 Guardian

Auth0 Guardian (Guardian) is a mobile app that will deliver a push notification to a user’s registered device when they attempt to access a Logicly application. After entering a valid email address and password the user must respond to a Guardian push notification by tapping the “Allow” button. If a user is presented with a Guardian notification outside of the login process then they should tap the “Deny” button, this prevents access to the system from an unauthorised user and allows tracking of potential malicious activity.

The Auth0 Guardian mobile app is available for both iOS (App Store) and Android (Google Play).

Setting up Guardian

Logicly users will be prompted to select an authentication method when they next try to sign up or log in to a Logicly application.

  1. After entering a valid email address and password for a Logicly app, users will be prompted to select an authentication method. Please select ‘Notification via Auth0 Guardian app’

Logicly "keep your account safe" screen

  1. You will then need to download the Auth0 Guardian app to your mobile device.

    NOTE: when first opening the app on your mobile, please;

    • allow Guardian to send you “notifications”

    • allow Guardian to “take pictures and record video”

  2. Once the Guardian app has been successfully downloaded to your mobile, click the ‘Continue’ button on the Logicly app screen.

Logicly "secure your account" download app screen

  1. A QR code will appear on the Logicly app screen. Users will have a short amount of time in which to scan the code using the Auth0 Guardian app on their mobile device.

    NOTE: If the QR page times out before you can scan the code, please repeat steps 1 & 3.

Logicly "secure your account" QR screen

  1. When the QR code is verified, your Logicly app screen and Guardian app will provide you with a Recovery code or passphrase.

    Please save these in a safe place in case you ever need to login without your mobile device, or the security settings on your mobile device are changed.

  2. Check “I have safely recorded the code/passphrase” on both your Logicly app screen and your Guardian mobile app in order to activate the ‘Continue’ button. Users will be taken to the Logicly application’s home screen.

Logicly "Almost there!" screen

  1. MFA is now ready to be used on your mobile device.

    The next time you try to login to a Logicly application, a push notification will be sent to your mobile device. The Guardian app will prompt you to either Deny or Allow the Authentication Request to access the Logicly application.

View of Auth0 Guardian app on mobile device screen

Microsoft Authenticator

The Microsoft Authenticator app helps you sign in to your Logicly accounts using two-factor verification. Two-factor verification helps you to access your accounts more securely, especially while viewing sensitive information. Because passwords can be stolen or compromised two-factor verification is an additional security step that helps protect your account by making it harder for other people to break in.

Microsoft Authenticator app can be used to generate a time-based one-time password (TOTP) for a second verification method after you sign in with your registered email address and password. You must copy the 6 digit one time password code generated by the app into the prompt on the Logicly login screen.

The Microsoft Authenticator mobile app is available for both iOS (App Store) and Android (Google Play).

Setting up Microsoft Authenticator

Logicly users will be prompted to select an authentication method when they next try to sign up or log in to a Logicly application.

  1. After entering a valid email address and password for a Logicly app, users will be prompted to select an authentication method. To use Microsoft Authenticator, please select ‘Google Authenticator or similar’.

Logicly "keep your account safe" screen

  1. You will need to download the Microsoft Authenticator app to your mobile device.

    NOTE: when first opening the app on your mobile, please select either;

    • “Receive notifications for verfication” (this will send you push notifcations), OR

    • “Use verification code” (this will require you to open the app on your device and enter the 6 digit code shown)

  2. Once the Microsoft Authenticator app has been successfully downloaded to your mobile device, select ‘Work or School Account’ within the Microsoft Authenticator app and use your devices camera to scan the QR code shown on the Logicly application. An account will be generated for this logicly application within your Authenticator app.

Logicly "secure your account" app screen

  1. Enter the Authenticator app, click on the relevant Logicly account and copy the 6 digit code across to the computer login screen.

  1. When the QR code is verified, your Logicly app screen will provide you with a Recovery code or passphrase.

    Please save this in a safe place in case you ever need to login without your mobile device, or the security settings on your mobile device are changed.

    Check “I have safely recorded the code/passphrase” in order to activate the ‘Continue’ button. Users will be taken to the Logicly application’s home screen.

Logicly "recovery code" screen

  1. MFA is now ready to be used on your mobile device.

    The next time you login to a Logicly application you must copy the 6 digit one-timme password code generated by the app into the prompt on the Logicly login screen before you may access the Logicly application.

Using MFA

Once your preferred Authentication app is set up on your device, simply sign in to the Logicly application as normal by using your registered email address and password. Note that the new Logicly login prompt will be served from the login.logicly.com.au domain.

Depending on your chosen method, either a push notification will be sent to your registered mobile device prompting for the request to be approved or denied, or a 6 digit code will be available in your authentication application that you can input. If the request is approved, or the code is enter correctly, then the user will be logged in to the Logicly app.

Troubleshooting

If you do not have your mobile device or your mobile device is turned off

If you have lost your device, you can finish authentication using the recovery code ( Guardian recovery code, Microsoft Authenticator recovery code) provided when you first signed up.

Enter your email and password to log in, and click the Use the recovery code link.

Enter your recovery code.

You will then be given a new recovery code, please keep this in a safe place to use next time.

If you do not have access to your mobile device and have lost your recovery code

If you no longer have your recovery code, you will not be able to log in. Please email our support team via support@logicly.com.au for help accessing your account.

If your transaction expires

When logging in via MFA, there is a five-minute maximum between providing your email address/password and accepting the authentication request on your mobile device.

If more than five minutes have elapsed, you will need to log in again and approve a new authentication request.

Setting up Authentication app on a replacement mobile device

If you still have access to your old device, please open the Guardian app and delete your existing Logicly account.

Then follow the steps for setting up your preferred Authentication app on your replacement device; Setting up Guardian , Setting up Microsoft Authenticator

If you no longer have access to your old device, please email our support team via support@logicly.com.au and ask for your MFA to be reset. You will then be able to follow the steps for setting up an Authentication app on your replacement device.

Rejected codes

If the 6-digit code in the Authentication app is being rejected for sign in (often with the message ‘Incorrect Code’), first check that you are selecting the right application from the list in your authenticator app. If you’ve verified that you’re selecting the correct application, make sure that your mobile device’s clock settings are correct. One-time passwords are time based, so your device’s time must be correct for your code to work.

Checking your clock settings

  • Android Devices - Go to Settings > Date & Time. Make sure that the box next to Automatic is checked.

  • iOS Devices - Go to Settings > General > Date & Time. Enable Set Automatically. If this setting is already enabled but the time is incorrect try disabling it for a moment, then re-enabling it.

Allow list

If your IT department maintains an allow list of domains they should be aware that auth.logicly.com.au and login.logicly.com.au must be allowed in addition to any application specific domains and paths.

Support Centre

For further assistance using Logicly’s Authentication system our Support Team can be contacted via support@logicly.com.au or +61 3 9340 9000