Case IQ Knowledge Base

How can we help?

Configure Multi-Factor Authentication (MFA) for Your Application

You can set up Multi-Factor Authentication (MFA) for your application to ensure all users of your system verify their identities before they can sign in to Case IQ. MFA allows you to reduce security risk and protect your user's accounts, without administrative overhead. This article covers how administrators can configure MFA for the application. To learn how to register your Case IQ account for MFA, see Set Up MFA for Your Account.

Before turning on MFA...

  • Case IQ uses Time-Based One-Time Passwords (TOTPs) for MFA. Your organization must have an authenticator application, such as Google Authenticator or Cisco Duo, to use Case IQ's MFA. 
  • MFA is only applicable for your users that log in with a username and password. Those logging in with Single Sign On (SSO) will not be able to set up MFA for their Case IQ accounts.
  • You can prevent users from logging in with backup codes, meaning that users cannot log in to Case IQ if they cannot access their mobile device or authenticator app. If you disable backup codes, the system will not generate backup codes when a user registers for MFA.
    • If you disable backup codes, then enable them later, any existing codes will be retained and restored.

Configure MFA for your Application

To turn on MFA or change any MFA settings:

1. Navigate to Settings > System > System > Options.

Options page under System tab in Settings.

2. Narrow down the options displayed in the grid by clicking the Search button and typing “MFA”.

Search button on the Options page.

3. You will see the following MFA settings. Select an option in the Values column to configure MFA for your application. 

Key Description Values
internalMFA Enable or disable MFA for users of your main application
  • Off: MFA is disabled for the main application.
  • On (Required): all internal users must use MFA to log in to Case IQ. 
  • On (Optional): internal users can skip setting up MFA for their account. They can register for MFA later from their user profile.
externalMFA Enable or disable MFA for external accounts, including portal users, hotline agents, and any external parties granted access to cases.
  • Off: MFA is disabled for the portal.
  • On (Required): all external users must use MFA to log in to the external portal. 
  • On (Optional): external users can skip setting up MFA for their account. They can register for MFA later from their user profile.
enableMFABackupCodes Allow or prevent users from logging in with backup codes.
  • Yes: the system will generate backup codes for internal and external users when they register for MFA, which they can use to log in to Case IQ.
  • No: the system will not generate backup codes. Any existing backup codes will be disabled.

MFA options.

5. Click the Save button. 

Save button on the Options page.

6. Click "Confirm" on the "Change configuration options" pop-up. Your changes will take effect within 15 minutes.


two factor two-factor two factor authentication two-factor authentication multifactor authentication multifactor

Related Articles