Today, multifactor authentication (MFA) is widely used by businesses online and continues to be one of the simplest and most secure ways to access your work.
- Overview
- Setting up MFA
- Email MFA set up
- Authenticator app set up
- Logging in with MFA
- Using recovery codes with MFA
- Removing an authentication app
- FAQ
- Need support?
Overview
NuORDER by Lightspeed uses MFA to add an extra layer of security to a user's account to prevent unauthorized access. Using MFA reduces the risk of fraud and identity theft, and it protects businesses from attacks that may compromise data.
MFA requires the user to input their existing password. Then, with a second authentication factor enabled, they will enter a time-based, one-time (OTP/TOTP), six-digit passcode generated by an authorized third-party authentication application that expires after 30 seconds.
Setting up MFA
MFA first needs to be set up by each user in their profile settings.
- In the lower-left corner of NuORDER, select the user's initials to navigate to the Profile Information page.
- Select Manage multifactor authentication settings.
- Select Enable for Email, Authentication app, or both. Follow the steps below to set up either option.
Email MFA
Follow these steps to set up your Email MFA.
- Select Send verification email from the Multi-factor authentication settings page. Go to your inbox to review the email and select Verify email to finish the verification. This verification link expires after 24 hours.
Note: If you’re using SSO to login into NuORDER, complete the steps in the Setting up MFA section of this article, and then select Send verification email.
- Select Enable from the Multi-factor authentication settings page.
Note: if you are logging into NuORDER with email and password (not using SSO), you may receive a prompt with the options to:
- Send verification email: Select this option to verify your email address. Go to your inbox to review the email and select Verify email to finish the verification. This verification link expires after 24 hours.
- Skip for now: Select this option if you want to first change the email address associated with your NuORDER account. Log into NuORDER, and then go to Edit Profile to change your email address. If you skip this step, you’ll receive a new prompt after 14 days.
After you’ve verified your email address, the next time you log into NuORDER, you’ll be prompted with a couple Email MFA options:
- Set up Email MFA: Go to your inbox to obtain a one-time passcode (OTP). Enter this six-digit number in NuORDER. You can select the Remember me option if you don’t want to enter an OTP in future logins (up to 30 days). When you’re ready, select Log in.
- Skip for now: If you select this option, you’ll receive a new prompt after 30 days.
Authenticator app set up
After completing the steps in the Setting up MFA section of this document, set up your authenticator app. NuORDER by Lightspeed recommends using Google Authenticator, Microsoft Authenticator, OneLogin Protect, or Twilio Authy.
- Make sure you are setting up MFA for the desired logged in user. Download Google Authenticator or Microsoft Authenticator on your mobile device, or select the link to see a full list of authenticator apps to choose from.
- In the downloaded authenticator app, scan the QR code to pair your mobile device, and then enter the code provided by the authenticator app. Select Pair device.
- Next, ensure you’ve saved your provided recovery codes somewhere safe. Then select I saved my codes.
- When you finish the setup, authentication details and factors appear on the main MFA page. You can Pause/Resume MFA or Remove authentication methods as you wish.
Logging in with MFA
After you set up MFA, the authentication code for login is found in any supported authenticator app, chosen by the user during setup or by using the code emailed to the verified email address.
- Log in to NuORDER with your username and password.
- If you're using an authenticator app, open it.
- If you're using Email MFA, you'll automatically receive an email when you select Log in.
- Enter the 6-digit code displayed in the authenticator app or email. If you’re using an authenticator app, this may automatically copy on your mobile device, depending on your personal settings. In this example, we’re using the authenticator app, OneLogin Protect.
- Enter the 6-digit code displayed in the authenticator app. This may automatically copy on your mobile device, depending on your personal settings.
- Now you are logged in securely to NuORDER!
Using recovery codes with MFA
Recovery codes are the primary resource for account recovery should an account holder lose access to their authorized device or access to the authentication app. The first avenue for recovering an account with two-factor authentication enabled is using the recovery codes you saved during the setup process. Ensure these are saved in a secure location that can be accessed by only the account holder when required.
There are 3 codes in total, and each can be used only one time. After a code is used, it is no longer valid, and you'll need to use another code on the list next time. When they’re all used, you can click the link in MFA settings to generate new codes.
Removing an authentication app
In the event that you have lost access to your authenticator app, you can remove an authentication factor in the MFA settings page once you've logged in using an authentication code or with a recovery code.
Note: After Email MFA is set up, it can’t be removed. You can only change the email address used for MFA by changing your login email from your user’s Profile Information page.
To remove an authentication factor:
- Navigate to the Profile Information page > Manage multifactor authentication settings.
- For the authentication app you wish to remove, select the trash icon.
- Next, select Remove on the Remove only additional authentication method? modal.
After the authentication factor has been removed, you can reconfigure your MFA by setting up a new authenticator app. See the Setting up MFA section of this article for more information.
FAQ
Q: Can I enable both Email MFA and authenticator app MFA?
Yes. If you enable both MFA options, then you can use either when logging in.
Q: How does MFA work if I have SSO for NuORDER?
A: Before Email MFA is set up, only users who log in with email/password (not with SSO) will receive the prompts to verify their email address and enable Email MFA. However, Email MFA can be set up the same way whether you are a SSO or non-SSO user and work the same way.
Q: How does Email MFA work if I have a linked account?
A: Email MFA is specific to each account. If you linked Lightspeed Retail POS and NuORDER, and then set up Email MFA for your NuORDER user, then Email MFA is only applied to your NuORDER login account. When switching from Lightspeed Retail to NuORDER, you may be prompted for Email MFA, depending on if there’s a “remember me” cookie or not.
Q: Can I remove an MFA authentication?
A: For authenticator apps, you can remove an authentication factor in the MFA settings page by following the steps in the Removing an authentication app section of this article. As a security requirement, after Email MFA is set up, it can’t be removed. You can only change the email address used for MFA by changing your login email from your user’s Profile Information page.
Need support?
Have additional questions regarding NuORDER by Lightspeed's integration with MFA? Contact our Support team for help or feedback!