目录
此内容是否有帮助?

# Virtual MFA

Virtual MFA is a widely used security verification method. When users log in to their accounts, they need to enter the dynamic code provided by the virtual MFA in addition to the conventional "username + password". Using virtual MFA can effectively avoid account risks caused by password disclosure and greatly improve account security. In addition to login, any account sensitive operation can be protected by virtual MFA.

In general, the virtual MFA requires the user to bind the MFA key of the account in advance in the mobile phone application, open the application every time you use it, and enter the dynamic code at this time to complete the MFA verification.

This chapter will detail the support for virtual MFA in TA systems, including personal activation and full cluster mandatory activation.

# I. Personal Turn on/off MFA

# 1.1 individuals open MFA

Users who have higher requirements for personal account security can enter the "account center" page in the menu in the upper right corner of the webpage to set up a virtual MFA for their personal account

In the "Account Security" column, click the "Bind" button of the "Virtual MFA" entry to enter the binding MFA process:

After clicking "Bind", you need to enter a password to verify your identity:

To enter the binding link, you need to download the authentication application or use WeChat Mini Program. After opening the corresponding program, scan the two-dimensional code in the center of the screen to obtain relevant information. When you cannot scan the code, you can click "Can't scan the code?" Switch to manual input mode.

After scanning the code or entering the key operation, the authentication application will create a scene (depending on the application, you may need to manually save the scene). At this time, you can see the 6-digit verification code displayed in the scene, enter it into the corresponding position on the page, and complete the verification to successfully bind the MFA.

After completing the binding, you need to log in again. In the process of logging in again, you need to use the virtual MFA that has just been bound. For specific details, please refer to Chapter 3 "Login Process after Opening MFA".

# 1.2 individuals turn off MFA

If you need to close the MFA, click "Unbind" in the "Virtual MFA" entry under the "Account Security" column to enter the process of closing the MFA:

After clicking "Unbind", you need to enter the dynamic code of the MFA to verify your identity. After completion, you can close the MFA. At this time, you can also delete the bound MFA information in the authentication application:

# II. Virtual MFA Management

System admin can go to the "System Administration" page in the menu in the upper right corner of the webpage, and manage the virtual MFA situation of the cluster in the "Virtual MFA" tab of "System Security", including turning on the mandatory MFA of all employees, or unbinding a user's MFA.

# 2.1 Enable MFA forcibly on/off

If you have high requirements for the overall security of the system, we also provide the ability of global management, which can force all users to bind MFA. System admin can choose to turn on or off to force MFA.

After mandatory MFA is turned on, all users who have not turned on MFA will be required to bind a virtual MFA when logging in, and the account login can only be completed after binding the virtual MFA. If you unbind after binding, you still need to bind MFA the next time you log in.

With Force Enable MFA turned off, users are no longer required to bind virtual MFAs, but bound virtual MFAs are not unbound either.

# 2.2 Unbundle the virtual MFA for the specified user

If the user cannot obtain the dynamic code of the virtual MFA, such as losing the device or deleting the authentication application by mistake, the system admin can untie the virtual MFA for the specified user in the virtual MFA management page.

TIP

If the system admin cannot obtain the MFA dynamic code, you can contact the TA staff to untie it.

# III. Login Process After Opening MFA

After opening the virtual MFA, when the user completes password verification, it will enter the MFA verification link, then open the authentication application before binding MFA, enter the dynamic code display application at this time, the authentication is successful to successfully log in TA background.

Note that if you use third-party login, you will not enter the MFA verification link.