Back |
Home > Advisor View > User Security and System Settings > Require Challenge Questions or Mobile Phone Codes to Sign In (Dual Factor Authentication)
|
Require Challenge Questions or Mobile Phone Codes to Sign In (Dual Factor Authentication)
Enable Dual Factor Authentication for Your Firm Clear Security Answers or Codes for a User in Your Firm Enable Dual Factor Authentication for Your Clients Clear Security Answers or Codes for a Client |
Dual factor authentication (DFA) protects against unauthorized logins or account break-ins. When advisors and clients log in from an unrecognized device, you can require them to answer challenge questions or, if SMS authentication has been enabled for your firm, to enter a code sent to their mobile phone.
If you have both Advisor View and Advisor Rebalancing, the authorization setting and the challenge questions will sync and apply to both products.
Tamarac offers two possible dual factor authentication methods:
Challenge questions. When dual factor authentication is enabled, users in your firm will be required to choose from a list of challenge questions and enter the appropriate answers. In the future, when users log in, they will have to answer one of those three questions in addition to entering the password.
SMS authentication. If your firm has opted to enable SMS authentication, users in your firm will have the opportunity to add their mobile phone numbers when configuring their personal DFA settings. When users log in, they can request that a verification code be sent by SMS to their phone. They must provide the code along with the username and password to successfully log in.
SMS authentication must be turned on separately from basic dual factor authentication. If you would like to use SMS authentication, please contact the Account Management team at TamaracAM@envestnet.com to activate this feature.
The first time users in your firm log in after dual factor authentication is enabled, users in your firm will set up challenge questions, the mobile phone for SMS authentication, or both. Thereafter, users will use either the challenge questions or SMS code as a second form of authentication when logging in.
To require dual factor authentication:
On the Setup menu, click System Settings.
Under Dual Factor Authentication, select Require additional authentication when signing in.
If desired, configure the additional two settings:
Click Save.
If a user from your firm forgets the answer to one of their security questions or repeatedly enters the wrong code and gets locked out, you can clear the answers. They can then log in, setting up new questions and answers.
To clear a user's security answers:
On the Setup menu, click User Management.
In the Manage list, select Users.
Click Edit for the user whose answers you need to clear.
Select Reset dual factor authentication settings.
You must have dual factor authentication enabled to see this option.
Click Upload.
Click Save.
By enabling dual factor authentication for your clients, each client will be required to set challenge questions or enter a code sent to their mobile phones in order to sign in to their client portal. The following are ways you can manage dual factor authentication for your clients.
To enable dual factor authentication for your clients:
On the Accounts menu, click Clients/Client Portals.
Click the name of the client you want to enable dual factor authentication for.
On the Client Portal panel, select Yes for Require Dual Factor Authentication (DFA).
If you don't see this option, you will need to enable dual factor authentication for your firm in order to set it for your clients. You can enable dual factor authorization for your own account on the System Settings page.
Click Save.
If a client forgets the answer to one of their security questions or repeatedly enters the wrong code and gets locked out, you can clear the answers. They can then log in, setting up new questions and answers.
To clear a client's security answers:
On the Accounts menu, click Clients/Client Portals.
Click the name of the desired client.
On the Client Portal panel, under Require Dual Factor Authentication (DFA), select Reset DFA Settings.
You must have dual factor authentication enabled to see this option.
Click Save.
If dual factor authentication has been enabled in the System Settings for your firm, you can manage your challenge questions from the My Profile page.
For security purposes, previous answers aren't shown on this screen, but you can change your answers (you will need to enter answers for all three questions each time you make changes).
To set or change your security question answers:
In the profile menu, click My Profile.
Click Edit in the Dual Factor Authentication (DFA) section.
Select Use as my default authentication method if you are using challenge questions as your primary security measure, rather than SMS authentication.
Click Edit Challenge Questions.
Select three questions and enter answers for each. The answers for challenge questions cannot be all the same.
Click Save DFA Settings.
If dual factor authentication and SMS authentication have been enabled for your firm, you can use the My Profile page to manage the mobile phone number where you receive codes.
If you would like to take advantage of the mobile phone authentication, please contact the Account Management team at TamaracAM@envestnet.com to activate this feature.
To set or change the mobile phone number where you receive security codes:
In the profile menu, click My Profile.
Click Edit in the Dual Factor Authentication (DFA) section.
Click the Mobile Phone tab.
If this is the first time you've used this feature, select I acknowledge that I have read, reviewed and agree to the Short Code Terms of Service.
Select Use as my default authentication method if you want to always use the mobile phone option instead of the security questions.
In the New Mobile Phone Number box, enter your mobile phone number.
Click Request Code.
When you receive the code, enter it in the Code box.
Click Save DFA Settings.