Applies To: All desktop users of ALICE.
Setting Up and Using Multi-Factor Authentication (MFA) for ALICE
Multi-Factor Authentication (MFA) adds an extra layer of security to your ALICE account, protecting your data and ensuring secure access. This article explains how to set up MFA and use it for authentication.
Setting Up MFA
Upon your first login, if you haven't already configured MFA, you will be prompted to set it up.
You have two options for MFA setup: an authenticator app or email.
Important Note: To use the email option, an email address must be associated with your ALICE profile.
a. Authenticator App Setup (Recommended)
Using an authenticator app provides a higher level of security. We recommend using Microsoft Authenticator or Google Authenticator.
- Download an authenticator app: Install your preferred authenticator app (e.g., Microsoft Authenticator, Google Authenticator) on your personal mobile device.
- Scan the QR code: On the ALICE setup screen, use your authenticator app's scanning function to scan the displayed QR code.
- Enter the code: Your authenticator app will generate a 6-digit code. Enter this code into the ALICE screen to register your ALICE user with the app.
b. Email Setup
- Send the code: Click the button on the ALICE screen to send a 6-digit code to the email address associated with your ALICE account.
- Check your email: Look for the code in your email inbox (and spam folder).
-
Activate MFA: Enter the 6-digit code from the email into the ALICE screen to activate email MFA.
Success! Once MFA is successfully configured, you will see a success message.
Authenticating with MFA
After you've configured MFA, you'll be prompted for an MFA code each time you log in to ALICE.
- Enter your username and password: Provide your usual ALICE username and password.
-
Enter your MFA code: You will then be prompted to enter the 6-digit code from your authenticator app or the code sent to your email.
- Optional: "Remember me for 7 days": You can select the "remember me for 7 days" option. This setting is specific to the browser you are using. We highly recommend using this option only on secure, trusted devices.
If the code is correct, you will be successfully logged into ALICE.
FYI:
- Authenticator app codes expire every 30 seconds.
- Email codes have a limited expiration time.
- If your code is incorrect, please try again with a new, unexpired code.
Resetting MFA (Admins Only)
For security purposes, only users with Hotel User Admin or higher permissions can reset MFA for other users. An administrator must have MFA enabled on their own account to reset another user's MFA.
We strongly recommend that users request an MFA reset from their onsite administrators rather than contacting Actabl support directly.
To reset a user's MFA:
- Navigate to the user's profile: Go to Admin > Manage Users and select the relevant user's profile.
- Find the MFA enrollment section: Scroll down to the MFA enrollment section.
- Click "Reset MFA": Click the "Reset MFA" button.
-
Acknowledge the warning: Confirm the reset when prompted by the warning message.
Once MFA is reset, the user will need to log in to ALICE with their username and password and re-enroll in MFA using the setup steps outlined above.
Frequently Asked Questions (FAQs)
-
What happens to a user's MFA if they're moved from one hotel to another? A: MFA will continue to work, regardless of hotel association.
-
What happens to a user's MFA if the user password is reset? A: MFA will continue to work until MFA is explicitly reset by an administrator.
-
What happens to the user's MFA if they are locked or deactivated? A: MFA will continue to work whenever the same user is unlocked or re-activated.
-
What happens if my email changes in ALICE? A: If your user's email changes, Actabl MFA will continue sending MFA codes to the email address configured on your user profile. If MFA is enabled and the user's email is removed, the user will be locked out from using MFA, and an administrator will need to reset MFA for that user.
-
Is there an inactivity timeout associated with MFA? A: Yes, the MFA enrollment and authentication screens have their own inactivity timeout, separate from the main ALICE session timeout. The MFA timeout is set to 30 minutes of inactivity. If you are idle on an MFA page for 30 minutes or longer, you will be redirected to the login page.
-
Who can reset MFA? A: Currently, only administrators and Actabl Support can reset MFA. We highly recommend that only onsite administrators reset MFA, as they are better equipped to verify a user's identity.
-
What methods of MFA are supported? A: Authenticator app and email. We highly recommend using an authenticator app over email for enhanced security.
-
Will I need to use an MFA code to authenticate every time? A: No, users can select "remember me," which will keep you logged in for 7 days. This means at most, you'll need to use an MFA code to log in every 7 days.
-
Is MFA required? A: Yes, MFA is required for all ALICE desktop users at this time.
-
Can we use an authenticator app on shared devices? A: Yes, you can use an authenticator app on shared devices. However, using personal devices for MFA is highly recommended for security.
-
Can we use a shared email for MFA? A: No, users should not use shared emails for MFA. Each user should have a unique email address for MFA purposes.
-
Do mobile users need to use MFA? A: Not at this time. Currently, only desktop users are required to configure and use MFA.
-
Can I enroll in both MFA methods (authenticator app and email)? A: Not at this time. Only one method is required, and we recommend using the authenticator app.
- How does MFA change my login experience? A: MFA makes authentication more secure without sacrificing time and convenience. Additionally, users who enroll in MFA automatically qualify for a password expiration extension. This means users with MFA enabled only need to renew their passwords every 180 days, compared to the current and more strict 60-day policy.
Comments
0 comments
Article is closed for comments.