What is MFA?
MFA, short for Multi-Factor Authentication, strengthens account security by requiring users to provide two or more authentication factors, adding an extra layer of protection against unwanted access.
Frequently Asked Questions.
How to enable MFA
-
Log in to control.coalitioninc.com
-
Click on the Profile Icon in the top right of the navigation bar
-
Select User Profile*
-
Under Multi-Factor Authentication, click
Set Up
-
Enter your current password
-
Select your MFA Method:
-
RECOMMENDED Authenticator App: Use an authenticator app to generate a temporary code. We recommend that all Control users use this method as it is one of the more secure forms of MFA today.
-
Email: Sends a one time code to your Control account email
-
-
Follow the directions in Control and be sure to save your backup code just in case you have issues with MFA in the future!
-
Once you refresh your User Profile page, you’ll see the
Set Up
under Multi-Factor Authentication is nowTurn Off
*If you are unable to see your User Profile, please log out, clear your cache (Chrome, Firefox, Opera), and log back in.
Step | Screenshot |
6. Select your MFA Method | |
6.1: Authenticator App | |
6.2: Email (this is what the Control user should expect to see in their inbox) |
How to turn off MFA
-
Log in to control.coalitioninc.com
-
Click on the Profile Icon in the top right of the navigation bar
-
Select User Profile
-
Under Multi-Factor Authentication, click
Turn Off
-
Enter your current password and follow the directions listed in the flow.
How to generate a new backup code (only available when MFA is turned on)
-
Log in to control.coalitioninc.com
-
Click on the Profile Icon in the top right of the navigation bar
-
Select User Profile
-
Under Multi-Factor Authentication, click on
Generate a New Backup Code
and follow the directions listed in the flow.
Troubleshooting Tips
- Be sure to have a strong internet connection whenever you're utilizing Control, especially when you are trying to set up MFA.
- If you are unable to see your User Profile, please log out, clear your cache (Chrome, Firefox, Opera), and log back in.
- When will MFA be triggered after I set it up? In order to minimize friction when logging into Control, we will not ask users for MFA every single time they log in, even after enabling it. Today, we are using Adaptive MFA, where it will assess potential risk during every login transaction, and then prompts the user for additional verification if appropriate.
Assessor | Risk Signal | How it is computed |
ImpossibleTravel | The user is attempting to sign in from a geolocation that suggests an impossible travel situation when compared to the location of the last login. | The distance between the last valid location and the location of the attempted sign-in is calculated, and the time difference between the sign-in attempts is used to compute a hypothetical travel velocity. This velocity is then compared to a reasonable travel velocity. |
UntrustedIP | The user attempts to sign in from an IP address associated with suspicious behavior | Utilizing intelligence from traffic events to assess the likelihood that the IP address has been used by malicious actors for high-velocity attacks. |
[Future] NewDevice* | The user attempts to sign in from a device unused to access the account in the last 30 days | At login time, the user agent and browser cookies are used to identify a device, and the device information is then compared to the list of devices associated with the account. |
*Currently, we are using ImpossibleTravel and UntrustedIP as the assessors for MFA. For the future, we will evaluate whether the NewDevice Assessor will be applied in our calculations
Have more questions?
Feel free to reach out to us at securitysupport@coalitioninc.com