Multi-Factor Authentication
Multi-Factor Authentication (MFA), an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism, is an additional layer of security for the Infinity Portal. With MFA, Infinity Portal users must use an authentication app to confirm their identities before they get access to Infinity Portal. All new Infinity Portal accounts are created with MFA enabled.
For information about MFA for MSSP/Distributor child accounts, see Manage Accounts. A Managed Security Service Provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.
Organizations can configure and manage MFA as part of Single Sign-On (SSO) with an Identity Provider (IdP or IDP). SSO is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. An Identity Provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. For example, an organization requires MFA as part of user authentication through Microsoft Entra ID. Infinity Portal users who log in through Microsoft Entra ID authenticate themselves with MFA according to the policy configured by the organization's Microsoft Entra ID administrator.
Creating and Editing MFA Configurations for Your User Account
This video shows you how to verify your phone number for the Infinity Portal and configure MFA using an authenticator app.
1. Download one of these authenticator applications to your mobile phone:
   - Google Authenticator
   - Microsoft Authenticator
   - Authy
2. In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
   - Click the user name, or
   - Click the arrow next to the user name > Profile Settings.

   The Profile Settings window opens.
3. Toggle the Enforce Multi-Factor Authentication switch to ON.
   The Enforce Multi-Factor Authentication configuration wizard opens.
4. Follow the on-screen instructions to connect the authentication app to the Infinity Portal.
5. If you want to require yourself to use MFA for all Infinity Portal accounts, keep the toggle on. If you want to use MFA only when a Primary Administrator of an account requires it, switch the toggle off.
6. Click Finish to close the wizard.
If your organization uses SSO authentication and does not enable MFA as part of it, you can require yourself to use MFA every time you log in to the Infinity Portal. This is valid even when the Primary Administrator of the Infinity Portal account does not require MFA.
Configuring Multi-Factor Authentication for your account:
1. In the Infinity Portal, open the Profile Settings page. For this, in the upper-right corner:
   - Click the user name, or
   - Click the arrow next to the user name and select Profile Settings.

   The Profile Settings window opens.
2. Toggle the Multi-Factor Authentication switch to ON.
   If you do not have an authentication app configured, the Multi-Factor Authentication configuration wizard opens. Follow the steps in the wizard to configure an authentication app.
3. Click Finish.
Managing Multi-Factor Authentication for Infinity Portal Users
This video shows you how to manage Multi-Factor Authentication for Infinity Portal users.
An Infinity Portal Primary Administrator, Admin, or User Admin can view and reset a user's MFA configuration.
In the Infinity Portal, click > Users.
The 2FA configured column of the table shows one of these Multi-Factor Authentication configurations for each user:
| Icon | MFA Configuration |
|---|---|
| | The user does not have MFA configured. |
| | The user has MFA configured with an authenticator app. |
The MFA table row shows you the MFA authentication method(s) that the user configured for themselves in Profile Settings. This table row is not related to the MFA enforcement policy for the account.
You may need to reset MFA for a user when the user has a problem with the app. Resetting MFA from the Infinity Portal is not supported. For this, contact Check Point Support.
Enforcing MFA Policy for All Users
A Primary Administrator must set up an MFA policy for all users who log in to the Infinity Portal account with their username and password.
This video shows you how to enforce MFA for all users of an Infinity Portal account.
MFA enforcement settings on the Identity & Access page apply to all users of this Infinity Portal account. Only a Primary Administrator can change these settings.
1. In the Infinity Portal, click > Identity & Access.
2. In the Multi-Factor Authentication to the Infinity portal section, select when to enforce MFA:
   - Enforce MFA for all logins, including SSO - Users must use MFA to log in with username and password and for login with SSO through an Identity Provider.
   - Enforce MFA for login with username and password - This option is selected by default.

   A confirmation window opens.
3. In the confirmation window, click Enforce.
A Primary Administrator can allow Infinity Portal users to bypass the MFA verification for 14 days after they successfully sign in to the Infinity Portal with a trusted device.
1. In the Infinity Portal, click > Identity & Access.
2. In the Multi-Factor Authentication to the Infinity portal section, select Allow trusted devices to skip MFA for 14 days.
When users enter their verification code on their login to the Infinity Portal, they can select the option Remember this device for 14 days.
Enforcing MFA Policy for Child Accounts using API
Because MFA is mandatory for all accounts that use a username and password to log in, primary administrators must enforce the MFA policy for all child accounts. These are Customer accounts managed by MSSPs or by a Customer Parent in a large enterprise.
Primary administrators that manage multiple accounts may need access to the child accounts that use API automation. To get access, the primary administrator needs an Account API key to create new API keys for child accounts. For more information, see API Keys.