
Multi-factor Authentication (MFA)

Purpose: An additional layer of account security for logging into LegalServer. It allows access to LegalServer only after the user successfully provides a username and password, along with a secondary authentication method. Users will be prompted to enter their secondary authentication code on a regular basis to confirm their identity.


Cost: None 




Enabling the MFA Feature

LegalServer staff must enable the feature. File a ticket from your site (Help menu > Support Request), stating whether you want email-based authentication, app-based authentication, or both, enabled.

Requiring MFA

Administrators can require Multi-Factor Authentication per user role. The option appears at the bottom of the page for each role. Visit Admin > User Roles (Permissions) for a list of user roles. (Currently not available. Ref: LS-79222)

Authentication Period

Authentication lasts 24 hours.

Initial User Experience

After MFA is enabled, users need to hover their cursor over their name in the upper right corner of any page and select “My Preferences”. 


(Screenshot: user button dropdown showing “My Preferences”)




On their My Preferences page, users go to the Actions menu and select “Enable MFA”:



Depending on what the administrator has requested for enablement, users will be able to enable MFA via email, a mobile device app, or both. 

Configuring MFA via the email mechanism

If Email is selected, users will need to follow the prompts regarding MFA.


On the next screen, they will be prompted to check their email.  The email is the one associated with their LegalServer account.

 


The user then enters the code from the email on the next screen in LegalServer. They have no more than 15 minutes to enter their code.



Once complete, the system will alert the user that MFA has been enabled.
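The 15-minute limit above is enforced on the server side, not by the email. The following is an added, illustrative model of how such an emailed code is issued and checked; it is not LegalServer's own code, and the 6-digit code length, the keyed-hash storage and the per-user binding are assumptions made for the example. It shows the three checks a practitioner expects: the code expires after 15 minutes, it is accepted only once, and it is compared in constant time.

```python
import hashlib
import hmac
import secrets
import time

# Validity window stated on the page, expressed in seconds.
CODE_TTL_SECONDS = 15 * 60
# Assumed code length; the page does not state one.
CODE_DIGITS = 6


class EmailCodeStore:
    """Illustrative server-side model of an emailed one-time code (assumed design).

    Only a keyed hash of the code is stored, together with its issue time and a
    used flag, so a leaked store does not reveal live codes.
    """

    def __init__(self, server_key: bytes, now=time.time):
        self._key = server_key
        self._now = now  # injectable clock so expiry can be tested deterministically
        self._pending = {}  # user_id -> (hash, issued_at, used)

    def _hash(self, user_id: str, code: str) -> bytes:
        # Bind the hash to the user so a code issued to one account cannot be
        # replayed against another account.
        return hmac.new(self._key, f"{user_id}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user_id: str) -> str:
        """Generate a fresh code for user_id; the returned value is what would be emailed."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user_id] = (self._hash(user_id, code), self._now(), False)
        return code

    def verify(self, user_id: str, submitted: str) -> bool:
        """Accept a code once, only inside the TTL, using a constant-time comparison."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        expected, issued_at, used = entry
        if used or self._now() - issued_at > CODE_TTL_SECONDS:
            # Expired or already consumed: discard so it can never be accepted later.
            self._pending.pop(user_id, None)
            return False
        if not hmac.compare_digest(expected, self._hash(user_id, submitted)):
            return False
        # Mark consumed so the same code cannot be used twice.
        self._pending[user_id] = (expected, issued_at, True)
        return True


if __name__ == "__main__":
    store = EmailCodeStore(b"constructed-server-key")
    code = store.issue("alice")  # in practice this value is emailed, never shown
    print("accepted on first use:", store.verify("alice", code))
    print("accepted on second use:", store.verify("alice", code))
```

A wrong submission leaves the pending code in place (the user can retry until the 15 minutes elapse); a real deployment would additionally cap the number of attempts.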



Configuring MFA via an app-based mechanism

If the user chooses to enable MFA via an app-based mechanism, they will need to follow the prompts regarding MFA. To use this method, the user will need a smartphone or tablet that is with them at the time of login each day, with an authentication app installed. Google Authenticator (Google Authenticator for iOS / Google Authenticator for Android) is one such application. Other Time-Based One-Time Password (TOTP) applications, such as Authy, and password vault applications like 1Password, LastPass, or Bitwarden, will also work.



On the next screen in LegalServer, the user will be prompted to either 1) scan the LegalServer MFA QR code to set up an account in Google Authenticator on their device, or 2) enter the MFA Manual Entry key via the setup key prompt in Google Authenticator on their device. Once that is done, Google Authenticator will display a 6-digit code for entry into LegalServer’s Authenticator Code section. Note that these codes expire every 30 seconds.



Once completed, the system will alert the user that MFA has been enabled. 




User Disabling MFA

Users can disable MFA by visiting their My Preferences page and selecting Actions menu > Disable MFA:




Reporting on MFA


There are two fields on the System Users table that tie in with MFA: a boolean indicating whether MFA is enabled, and the MFA mechanism in use. A sample report listing all users and whether they have MFA enabled can be found in Example Reports.


Known Issues and Notes

  • Administrators can see which users have MFA enabled, but there is not yet a way to enable MFA without the user’s participation.