Group Based Multi-Factor Authentication

Multi-Factor Authentication is available to all Bitium organizations on the Business Plus plan and above. With the implementation of group based MFA, organization admins are now able to control which users or groups are required to authenticate with MFA when they login to Bitium. More importantly, admins can now reset a user’s MFA if the user were to lose their phone or get a new device.

  1. To enable group based mfa, click “Manage org” at the top, select “Security”, and then click “Multi-Factor Authentication.”

  2. Before specifying which group(s) to enable MFA for, specify the interval at which the user will receive an MFA prompt upon logging into Bitium. To enable MFA for every user in the organization, leave the “Optional” field blank. To enable MFA for specific groups, input the group name(s) in the “Optional” box. Click “Enabled” and “Save Changes” to apply the settings to your organization.

    App Access

    Enable MFA by group

  3. When a new user enrolls in the organization, they will be prompted with the “Setup Two-Factor Authentication” screen where they will attach their authentication app of choice to Bitium.

    Add App to list

    Setup Two-Factor Authentication

  4. Admins can manage the specified users devices used for MFA. To remove a device, click the remove button to the right of the device name.

    Add App to list

    Manage MFA Devices

Common MFA Scenarios

  1. If a user is locked out of Bitium due to MFA, an admin can reset it by navigating to that specific user’s account in the “Manage Users” section. Select the user, and click “Reset 2FA” at the top.

    Add App to list

    Reset a user’s MFA

  2. In some cases, users may have configured MFA at the account level, which may require them to enter in a 2FA code twice in Bitium, specifically if that user’s organization enabled enforceable MFA as well. In this case, the user would retain two MFA strategies. If a user’s second MFA code isn’t accepted, please contact support@bitium.com. A user with two MFA strategies will see this screen:

    Add App to list

    Double MFA prompt