Provide an option for TOTP rather than emailing a code.
Rick Mills
When a client logs into the FlexPoint portal, there should be an option to set up Time-based One-Time Password (TOTP) using an authenticator app. It is more secure than emailing a code and is still accessible if there are email delays. There would need to be a method to obtain access if they can't use TOTP (aka phone dies and they don't have a backup of their authenticator app data). The common method is to provide them about 10 recovery codes they can use; each code can be used 1 time. You may want to allow them to reset the TOTP code via email, but I would delay the email 1 day for security purposes.
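A sketch of the recovery path described in the post above, added here as an illustration and not FlexPoint code or part of the original post: ten single-use recovery codes stored only as hashes, and an email reset that is released one day after it is requested. The function names, the code length and the in-memory storage are assumptions.

```python
import hashlib
import secrets

RESET_DELAY = 24 * 60 * 60  # seconds; the 1-day delay suggested in the post


def digest(value: str) -> str:
    """SHA-256 hex digest, so the server never stores a usable code."""
    return hashlib.sha256(value.encode()).hexdigest()


def new_recovery_codes(count: int = 10):
    """Return (codes to show the user once, set of digests to store)."""
    codes = set()
    while len(codes) < count:
        codes.add(secrets.token_hex(5))  # 40 random bits per code (assumed size)
    codes = sorted(codes)
    return codes, {digest(c) for c in codes}


def redeem(stored: set, code: str) -> bool:
    """Accept a recovery code once; the digest is removed on first use."""
    d = digest(code.strip().lower())
    if d not in stored:
        return False
    stored.remove(d)
    return True


def request_reset(pending: dict, user: str, now: float) -> None:
    """Record an email-reset request; nothing is sent yet."""
    # setdefault: a repeated request neither restarts nor shortens the wait.
    pending.setdefault(user, now + RESET_DELAY)


def release_reset(pending: dict, user: str, now: float):
    """Return a reset token to email once the delay has passed, else None."""
    due = pending.get(user)
    if due is None or now < due:
        return None
    del pending[user]
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    codes, stored = new_recovery_codes()  # constructed sample run
    print(redeem(stored, codes[0]), redeem(stored, codes[0]))  # first use, then reuse
    pending = {}
    request_reset(pending, "client@example.test", now=0)
    print(release_reset(pending, "client@example.test", now=3600) is None)
```

A deployment would also rate-limit redemption attempts and notify the account owner as soon as a reset is requested, so the delay gives them time to object.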
Rick Mills
Sam, thank you for responding. I don't have a problem using SSO, but I have no desire to assist my clients in setting it up and not all of them use Microsoft for email. I also dislike how MS keeps users logged in for extended periods of time. I consider it a security risk. TOTP has been a standard for some time and I believe it is a more secure method. It is also one most users are familiar with and easily understand. I appreciate you offering SSO, but I would very much like to see TOTP as an option.
Sam Kushner
Rick Mills, have you tried our SSO option with your clients? This is available for Microsoft emails.