Multi-Factor Authentication
Nzyme enables MFA for all user accounts by default. Users have to enter a valid OTP token from an authenticator app to log in. No actions are possible until they have passed the MFA step.
OTP tokens are derived from the current time. It is critical that the clocks on your Nzyme server and on the device running the authenticator app are both set to accurate world time, or MFA validation may fail.
Setting up MFA for a user
A user will be asked to set up their authenticator app during their first login. This should be a self-service process and not require administrator action. Make sure to let your users know that they will need an authenticator app to log in to Nzyme.
Backup Codes
Users will be presented with their individual MFA backup codes after the initial MFA setup. They should store these codes in a safe place like a password manager. Using a backup code will allow them to authenticate even if they have lost access to their authenticator app.
Resetting MFA for a user
If a user is locked out and cannot use backup codes, administrators can reset MFA for that user. The user will be logged out and presented with the MFA setup dialog the next time they visit the Nzyme web interface and log in successfully.
Disabling MFA for a user
Administrators can disable MFA for a user using the user creation or edit forms. In that case, the user cannot set up MFA and will not be prompted to validate their token after login. This is not a recommended practice, but can be required in certain scenarios.