Multi-Factor Authentication (MFA)
Introduction to MFA Requirements for Supplier Users
To meet necessary security requirements (such as those associated with DFARS) a company can require their suppliers to enable multi-factor authentication (MFA) in Net-Inspect as a precondition to adding, updating, or viewing that company's technical data in the Net-Inspect software. This means that when logging in, users must provide secondary authentication in the form of a randomly generated passcode or "push notification," in addition to their Net-Inspect credentials.
Net-Inspect employees will typically work with the company to notify the Setup Administrators of each of their suppliers' Net-Inspect accounts when this security policy change is set to occur. Upon arrival of that date, all users at each supplier will need to use MFA before logging in to the Net-Inspect software, or else be unable to handle that customer's data:
Your company's Net-Inspect Setup Administrators are responsible for satisfying this requirement by enabling Net-Inspect's MFA capability in your company's own Net-Inspect account. The following guide will walk you through all setup procedures that will be necessary.
NOTE: It is possible for a company to link an internal web portal to Net-Inspect, allowing users to log in to Net-Inspect via single sign-on (SSO) instead of through Net-Inspect's login page. If multi-factor authentication is enforced when your users log in to this portal, then this will meet your customer's MFA requirement; you will not need to set up MFA in Net-Inspect, though you can instead follow the steps in the Multi-Factor Authentication (MFA) with Single Sign-On guide to show that the requirement has been met. If your company has a web portal but not yet linked it to Net-Inspect, then please contact submit a ticket for assistance with this.
Navigating to the Multi-factor Authentication Setup page
After logging in to Net-Inspect, you can find the Multi-factor Authentication Setup page by following these steps.
1. Click the gear-shaped Setup button in the top-right of any screen
2. Select "User Management"
3. Select the "Access Control" menu tab
4. Select the "Multi-Factor Authentication" menu
If the "Multi-factor Authentication" menu is not visible here, then this means that none of your customers has yet made the option available to their suppliers. Check back later or ask a customer to provide you with information.
Enabling Multi-factor Authentication
After reaching the Multi-Factor Authentication Setup page, mark the checkbox labeled "Require all internal users to provide secondary authentication upon login".
Next, you can enable one or more of Net-Inspect's provided MFA options by marking the checkboxes in the "Allowed Multi-Factor Authentication Methods" section. The options you select here will be made available to your company's users.
The "Push Notification via Okta Verify app" and "One-Time Passcode via Okta Verify app" options require users to have a smartphone or tablet available. On Android devices, the Okta Verify app can be downloaded through Google Play; on iPhone and on other Apple devices, the app is compatible with iOS 13.0 and later, and can be downloaded through the App Store.
Be sure to only select options which conform with your company's policies. As an example, if using a personal phone to manage MFA would be against your company's security policies, and some of your Net-Inspect users don't have company-provided smartphones, then you may wish to exclude options involving a phone app or text message.
You can also choose to set up a 0–30 day "grace period" during which users can log in without being required to use or enroll for MFA. This provides additional time for the user to access Net-Inspect and to seek assistance with MFA enrollment if necessary. The grace period applies independently to each user and starts when they first log in after the setting is enabled. However, the user will not have access to data belonging to customers requiring MFA until they finish enroll for and use MFA during login.
Click the Save Changes button in the top-right of the page when you have finished configuring the above settings.