Salesforce

Manage MFA (Tango portal admins)

Printable View
« Go Back

Information

 
Answer

 

Multi-factor authentication (MFA) allows an additional layer of security on top of your authentication method and CANNOT be disabled for non single sign-on (SSO) logins. Tango portal admins can decide which MFA method(s) must be used by Tango portal users: authentication app, phone number, or email address.

Note:

  • All MFA methods are enabled by default.

  • MFA can be disabled, but to ensure your Tango portal security, you must enable at least one MFA method.

  • MFA is required for all non-SSO logins. With SSO logins in Tango portal, you may choose to bypass MFA authentication method.


Audience

This guide is intended for Tango portal admins or users with manage authentication rights. By default, manage authentication permission is not enabled for admins. See Default user roles in Tango portal to see how you can enable it for yourself.


Manage MFA methods for the Tango portal

As a Tango portal admin or user with authentication permission, you can manage (enable or disable) MFA methods for all users in your portal. New users must set up MFA for their user profile the first time they log in, or whenever they reset their MFA. See Set up MFA (Tango portal users).

All MFA methods are enabled by default. You can disable one or more methods if needed. For your portal security, you must keep at least one of the following MFA methods enabled:
 

MFA method Description
One-time password

  • Is recommended and most secure.

  • Uses an authentication app–such as Google Authenticator, Duo Mobile, or any other authentication app–to issue a temporary verification code.

Email
  • Receive an email message containing a verification code
Phone
  • Receive a phone message containing a verification code
 

To manage MFA methods for the Tango portal:

  1. Sign in to the Tango portal.

  2. Go to image.png Team settings > Authentication on the left menu. See Set up MFA (Tango portal users)  for more information.

    authentication.png

  3. Click Disable next to the method you don’t need. A confirmation message appears.

  4. Click to confirm Disable for all users.
    Access is disabled for all users in the Tango portal. Users must set up a different MFA method the next time they log in.

Note:

  • If you disable an MFA method, access to that method will be disabled for the entire portal.

  • You must have at least one MFA method enabled.


Grant manage MFA permissions

You must have manage authentication permission to enable or disable the MFA methods in your Tango portal. Follow the instructions below to grant permission to Tango portal admins or specific users. Learn about Tango portal roles in Default user roles in Tango portal.

To grant manage MFA permissions:

  1. Sign in to the Tango portal.

  2. Go to image.png Team settings > Users on the left menu.

  3. Click the user for whom you'd like to update permissions.

  4. Go to the Permissions tab.

  5. Scroll down to see Authentication.

  6. Move the slider to Manage.

auth2.png



Reset MFA for other Tango portal users

As a Tango portal admin or user with manage users permission, you can reset MFA for other Tango portal users. Here’s how:

To reset MFA for other Tango portal users:

  1. Sign in to the Tango portal.

  2. Click image.png Team settings > Users on the left menu.

  3. Find and click to open the user information box.

  4. Click Actions > Reset multi-factor methods. Or, click the reset option from the bottom of the information box.

  5. Click Reset multi-factor methods to confirm. It resets the user’s MFA and logs the user out of the Tango portal. To log back in, the user must add a method of MFA authentication before logging.

    auth3.png

  6. The user has to log in and a verification code is sent to their email address. Once they enter the verification code, they can select a new MFA method. See Get started FAQ for more information.

 

More resources:

TitleManage MFA (Tango portal admins)
URL NameManage-MFA-Tango-portal-admins
Powered by