Skip to main content
Skip table of contents

How to protect access to TrustBuilder Admin portal with MFA

This document describes the set up to protect TrustBuilder Admin portal access with TrustBuilder MFA.

Two cases are identified:

  • the TrustBuilder. io tenant and the MFA tenant are not linked by SAML connectors → see “Link the tenants

  • the TrustBuilder. io tenant and the MFA tenant are already linked by SAML connectors → see “Configure users and access flow

Prerequisites

You should have:

  • Access to TrustBuilder Admin portal with administrator rights.

  • Access to TrustBuilder MFA Admin console with administrator rights. As an admin, you should have at least one trusted device activated.

  • the same email should be configured for the user in both tenants (if “email” is used for authentication)

Link the tenants

https://yourcompany.trustbuilder.io/

  • You should be able to choose between two sign-in methods:

    • TrustBuilder Repository, which is the default IdP

    • TrustBuilder MFA, which is the Identity Provider previously configured and added into the Access flow.
      Choose TrustBuilder MFA to test the MFA.

       

  • Authenticate with TrustBuilder MFA.
    The flow is different depending on the MFA trusted device used (mobile, desktop or browser token) and the multi-Factor authentication method chosen. See https://docs.inwebo.com/documentation/multi-factor-authentication-methods

  • After a successful authentication with TrustBuilder MFA, you access the Admin Portal.

If you encounter any problems, check the prerequisites and go through the configuration steps to see if anything is missing. Then try again.

Disable TrustBuilder default sign-in method

Be aware that at this stage you will change the TB administrator connection. If something is not correct you may not be able to connect anymore
Please carefully review the previous steps and and be sure to keep an administration session open in a browser before proceeding

  1. In TrustBuilder Admin portal, go to Access Management > Access flows.

  2. Edit the IDHub Default Scheme.

  3. Click on the link icon remove “User Password” of the access flow.

  4. Click on Save.

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.