In order to manage your 2FA settings: Go to www.spriv.com and click on ‘Client Login’ enter your Username / Password and navigate to: ‘Settings’ > ‘My Company’:
- Callback URL: enter the FQDN ‘Full Qualified Domain Name’ or IP Address to which Spriv will send push notifications.
- 2FA Status: controls your entire company two-factor authentication status. The ‘2FA Status’ setting can be used for testing your platform.
- Active: This is the default setting. The ‘Allow’ button in the user’s mobile application will function as ‘Allow Always’. If a user ‘allowed’ a transaction, than all future transactions with the same identifiers will automatically be allowed without any additional user intervention. 2FA status will be determined by the end-user status (Section I “End-User status”)
- Allow Once Only: Once selected, this option will disable the automatic allow in the mobile application for users within the entire company. So even when a user uses the same identifiers as those used in previous allowed transactions, the user will still need to click “allow” for each transaction in order to login.
- Restricted Allow Always: The ‘Allow’ button will function as ‘Allow Always’ only to a list of white-listed IP addresses configured in 2FA Safe IPs. All other IP Addresses not in 2FA Safe IPs list will function as ‘Allow Once’ so if the user logs in from an IP address that is not in the white list, the user will need to manually click ‘Allow’ for each login.
- Allow All: All logins will be approved automatically, bypassing 2FA Except for Spriv Administrator Accounts.
- Deny All: All logins will be denied automatically, bypassing 2FA. Except for Spriv Administrator Accounts.
- 2FA Safe IPs: A list of white-listed IP addresses for the feature ‘2FA Status’ > ‘Restricted Allow Always’. IP Addresses not in 2FA Safe IPs list will function as ‘Allow Once’ so if the user logs in from an IP address that is not in the white list, the user will need to manually click ‘Allow’ for each login.
- 2FA login attempts before lockout: The amount of required 2FA authentication failures before lockout. A 2FA authentication failure happens when the credentials are correct, but the end-user actively denies the authentication with his phone.
- 2FA lockout expiration (in minutes, 1 – 600; 0 for unlimited): The lifetime of an end-user lockout.
- 2FA Lockout E-mail: A notification will be sent in the case of an end-user lockout.
- Decision for unpaired end-users: Whether to allow or deny authentication attempts for end-users who have not paired their device. The default is Allow.
- Decision for non-existing end-users: Whether to allow or deny authentication attempts for end-users who are not listed in Spriv’s database. The default is Deny.