Who is responsible for resetting multi-factor authentication for a user?

Generally Available - Limited Rollout

Multi-factor Authentication (MFA) is generally available through a limited rollout process. Contact your Procore point of contact for more information about availability.

Background

A user may lose the device on which multi-factor authentication (MFA) is configured, get a new device, or encounter another event that requires MFA to be reset. Although the user receives a recovery code during setup, if they cannot locate the code, they need help resetting MFA.

Answer

A Directory Admin is generally responsible for resetting MFA for a user. Procore will only perform identity verification and the MFA reset for users who have the Payments Disburser permission for the Procore Pay tool.

Sometimes a user is added to multiple directories belonging to different Procore companies. The ability to reset MFA for a user who does not have Disburser access to Procore Pay is available to all Directory Admins of any company account to which the user has been added.

Identity Verification

Directory Admins should always verify the identity of a user who requests to reset MFA, to make sure the reset request is valid before proceeding with the reset.

Attackers commonly target password and MFA reset flows to compromise a user’s identity and gain access to systems with that user’s credentials. Because of this, it's important that you, as a Directory Admin, are completely confident that any user requesting an MFA reset from you is who they claim to be.

As a Directory Admin, you are responsible for choosing how to verify a user's identity. Procore does not verify the identity of users who need to reset MFA unless those users have Disburser permissions to Procore Pay.

Common options for identity verification include:

  • Video or In-Person Verification (most secure). When verifying the identity of a user over video call or in person, you can ask the user to present a photo ID to confirm their identity. If you know the user personally, you can confirm their identity simply by seeing their face.

  • Phone Verification (somewhat secure). When verifying the identity of a user over the phone, you can ask them personal or professional questions that only they would know the answer to. If you know the user personally, you may be able to recognize their voice, which is another good indicator the person is who they say they are.

  • Email or Text Verification (least secure). When verifying identity through text or email, keep in mind that an attacker requesting a reset may have gained access to the user's email account or phone. Because this method of verification does not involve the voice or visible presence of the user making the reset request, it's a good idea to request additional verification by asking personal or professional questions, depending on your relationship with the user, to help confirm they are who they claim to be. More secure options for verification are generally a better choice.

OR...

  • Knowledge-based verification. Ask the user questions only they would know the answer to, either by phone, text, or email. It's a good idea to combine this verification method with photo ID verification.

  • Photo ID verification. Ask the user to provide an image of a government-issued photo ID. It's a good idea to combine this verification method with knowledge-based or in-person verification.

  • In-person verification. Ask the user to verify their identity in person, or over a video call. It's a good idea to combine this verification method with photo ID verification if you don't personally know the user making the request.
