Manage MFA (Tango portal admins)

Multi-factor authentication (MFA) allows an additional layer of security on top of your authentication method and CANNOT be disabled for non single sign-on (SSO) logins. Tango portal admins can decide which MFA method(s) must be used by Tango portal users: authentication app, phone number, or email address.

Note:

All MFA methods are enabled by default.
MFA can be disabled, but to ensure your Tango portal security, you must enable at least one MFA method.
MFA is required for all non-SSO logins. With SSO logins in Tango portal, you may choose to bypass MFA authentication method.

Audience

This guide is intended for Tango portal administrators to manage MFA for their organization’s platform.

Permissions

You must be a platform admin with organization-level access, or a user who has “Manage” permissions for “Authentication” to be able to access platform settings and configure Mutli-factor authentication methods.

Manage MFA methods for the Tango portal

You can manage (enable or disable) MFA methods for all users in your portal. New users must set up MFA for their user profile the first time they log in, or whenever they reset their MFA. See Set up multi-factor authentication (Tango portal users).

All MFA methods are enabled by default. You can disable one or more methods if needed. For your portal security, you must keep at least one of the following MFA methods enabled:

MFA method	Description
One-time password	Is recommended and most secure. Uses an authentication app–such as Google Authenticator, Duo Mobile, or any other authentication app–to issue a temporary verification code.
Email	Receive an email message containing a verification code
Phone	Receive a phone message containing a verification code. SMS is available in United States and a number of other countries such as Canada, UK, etc. For a complete list of supported countries, check out the countries list.

To manage MFA methods for the Tango portal:

Sign in to the Tango portal.
Navigate to Platform settings. If you don’t have this option available, see how to grant Manage permission to this page.
Click Multi-factor authentication methods.
Click to disable the method you don’t need.
Click Disable again in the confirmation message box to disable for all users.
Access is disabled for all users in the Tango portal. Users must set up a different MFA method the next time they log in.

Note:

If you disable an MFA method, access to that method will be disabled for the entire portal.
You must have at least one MFA method enabled.

Grant manage MFA permissions

You must have manage authentication permission to enable or disable the MFA methods in your Tango portal. Follow the instructions below to grant permission to Tango portal admins or specific users. Learn about Tango portal roles in Default user roles in Tango portal.

To grant manage MFA permissions:

Sign in to the Tango portal.
Go to Users on the left menu.
Click the user for whom you'd like to update permissions.
Go to the Permissions tab.
Scroll down to see Authentication.
Move the slider to Manage position.

Reset MFA for other Tango portal users

As a Tango portal admin or user with manage users permission, you can reset MFA for other Tango portal users. Here’s how:

To reset MFA for other Tango portal users:

Sign in to the Tango portal.
Click Users on the left menu.
Find and click to open the user information box.
Click Actions > Reset multi-factor methods. Or, click the Reset multi-factor methods from the bottom of the information box.
Click Reset multi-factor methods to confirm. It resets all MFA methods and logs the user out of the Tango portal. To log back in, the user must add a method of MFA authentication.
The user has to log in and a verification code is sent to their email address. Once they enter the verification code, they can select a new MFA method. See Get started FAQ for more information.