How to protect access to TrustBuilder Admin portal with MFA
This document describes the setup for protecting TrustBuilder Admin portal access with TrustBuilder MFA.
Two cases are identified:
the TrustBuilder.io tenant and the MFA tenant are not linked by SAML connectors → see “Link the tenants”
the TrustBuilder.io tenant and the MFA tenant are already linked by SAML connectors → see “Configure users and access flow”
Prerequisites
You should have:
Access to TrustBuilder Admin portal with administrator rights.
Access to TrustBuilder MFA Admin console with administrator rights. As an admin, you should have at least one trusted device activated.
The same email should be configured for the user in both tenants (if “email” is used for authentication).
Link the tenants
https://yourcompany.trustbuilder.io/
You should be able to choose between two sign-in methods:
TrustBuilder Repository, which is the default IdP
TrustBuilder MFA, which is the Identity Provider previously configured and added into the Access flow.
Choose TrustBuilder MFA to test the MFA.
Authenticate with TrustBuilder MFA.
The flow differs depending on the MFA trusted device used (mobile, desktop or browser token) and the multi-factor authentication method chosen. See https://docs.inwebo.com/documentation/multi-factor-authentication-methods
After a successful authentication with TrustBuilder MFA, you access the Admin Portal.
If you encounter any problems, check the prerequisites and go through the configuration steps to see if anything is missing. Then try again.
Disable TrustBuilder default sign-in method
Be aware that at this stage you will change the TB administrator connection. If something is not correct, you may no longer be able to connect.
Please carefully review the previous steps and be sure to keep an administration session open in a browser before proceeding.
In TrustBuilder Admin portal, go to Access Management > Access flows.
Edit the IDHub Default Scheme.
Click on the link icon to remove “User Password” from the access flow.
Click on Save.