Access Security

Security

The Security page lists all the security settings for the Lucidity Application.

From the Security page, administrators can:

• Enable two-factor authentication via email

• Set the period of time users are remembered before they have to complete two factor authentication again

Multi Factor Authentication

• Two factor authentication (2FA) via email is available for  Lucidity user accounts is available in Version 17.61 and newer. This is a major improvement to the security of Lucidity accounts.
  To learn more about the benefits of 2FA see this article on TechTarget's website: https://www.techtarget.com/searchsecurity/definition/two-factor-authentication#:~:text=Two%2Dfactor%20authentication%20adds%20an,to%20pass%20the%20authentication%20check.

• Once 2FA is enabled when a user logs in they will be asked to retrieve a verification code that's been emailed to them. They are then required to enter the code and providing it's valid and correct they will be signed in.

• Users have the option to check the ‘remember me’ check box so that they only have to enter the verification code every 14, 30, or 60 days. The number of days can be configured in the Access Module. 

• 2FA can be enabled and the remember me number of days can be configured via the new Security page in the Access Module.

To enable 2FA via email for users complete the following steps.

1. Before enabling this feature ensure all user accounts have an email associated with them. Otherwise users will not be able to login and use Lucidity.
   User email addresses can be added manually one at a time, or in bulk via the Public API. For more details about adding user email addresses manually see Edit People. To learn about how to use the Public API to edit user details and add email addresses in bulk see Update the fields on an existing user using SwaggerHub

2. The reason all users in Lucidity must have an email associated with account is that when they login a verification code will be emailed to them. In order for them to receive a verification code their account must be associated with a valid email.

3. We also recommend notifying users in advance of enabling 2FA so they are aware that they will need to enter the verification code sent to their email. Communicating the benefits of 2FA  ahead of time should reduce frustration from users at this extra layer of security.

4. To determine which user accounts might be missing an email address you can go to Users page in the Access module and export a list of all users to a CSV or Excel and then filter out any without email addresses. Refer to the Reporting section of the ‘Managing User Accounts’ section of this user guide for more information.

5. Once it's been verified that all users have an email address you then need to ensure that the ‘Role’ assigned to the person enabling 2FA has the ‘Security Manage' privilege enabled as shown below. Refer to the Access Module Access Roles and Privileges page in this user guide for more details.

Open

6. Once that permission is enabled, navigate to the Access Module and select the ‘Security’ option in the left navigation.

7. Check the 'Enable Two Factor Authentication via Email' checkbox shown below to activate 2FA via email as shown below.

Open

8. The ‘Remember me' setting is applied per device and reduces how often a user has to enter a verification code. For example if a user is logging in to using both a laptop and a mobile device they’ll need to select 'Remember me’ on each device to avoid having to enter the verification code each time they log in.
   The options are 14, 30 and 60 days. We recommend enabling the ‘Remember me’ for 30 days to prevent users being frustrated at having to enter the verification code each time they login.
   
   

9. Once the checkbox for 2FA via email is checked and the ‘Remember me’ option is set click 'Save' to enable 2FA via email.

10. Once saved whenever a user logs in they will be asked to check their email for a verification code. An example of the email they receive can be seen below.

10. At any time you can come back and turn 2FA off again if required for some reason. Simply un check the 'Enable Two Factor Authentication' checkbox and click ‘Save’.