Multi-Factor Authentication requires all Evidence.com administrators and users with critical action permissions to use multi-factor authentication when signing in and when completing critical actions. It adds a layer of security to ensure an agency's most powerful Evidence.com user accounts are secure and protected from malicious attacks.
Note: If your agency uses Single Sign-On (SSO) functionality, then multi-factor authentication is disabled by default. If needed multi-factor authentication can be enabled for SSO agencies. Contact your Axon representative for more information.
After a user makes a critical change, Evidence.com asks them to enter a security code. The security code is sent to the user’s mobile phone or email address, depending on the Multi-Factor Authentication settings for your agency. In cases where your agency delivery method setting is set to send to the user's mobile phone and the user does not have a verified phone number listed in their user information, the system will automatically send a security code to the user's email address.
After the user enters the security code, the action is completed. Further authentication is not required for other critical actions taken within the number of minutes specified in the account settings.
Additionally, when signing in to Evidence.com, there are some cases (such as signing in from a new IP address) where users with critical action permissions are asked to enter a security code to complete their sign in.
You can also enable multi-factor authentication for all users in your agency. If enabled agency-wide, the standard security question authentication is replaced with a multi-factor authentication when any user signs in or makes a critical change.
Critical Action Permissions
Users that are assigned a Role with critical action permissions are required to use multi-factor authentication when signing in and when they make a change associated with the permission. The following permission settings are considered critical action permissions for multi-factor authentication:
- Configure Agency Security Settings = Allowed
- Edit Agency Settings = Allowed
- Edit Device Offline Microphone Settings = Allowed
- User Administration = Allowed
- Category Administration = Allowed
- Delete Evidence & Edit Date Recorded = Any Evidence
- Access Restricted Evidence = Allowed
Multi-Factor Authentication Account Settings
To set or change the Multi-Factor Authentication settings for your agency:
- On the menu bar, click Admin and then under Security Settings, click IP Address.
- Scroll down to the Multi-Factor Authentication settings section below the IP Active Session Security settings.
- Select if Multi-Factor Authentication will apply Agency-Wide or for Admin Only users.
The Agency-Wide setting requires all users to enter a security code delivered by phone or email when they sign in to Evidence.com or when they make a critical change.
The Admin Only setting only requires users assigned to Roles with critical action permissions to enter a security code when they sign in or when they make a critical change. All other users will continue to be prompted with security questions.
- Choose the delivery method for the security codes; SMS Text or Automated Call Back or Email.
Axon recommends using SMS Text, since using a mobile phone is normally the fastest method for receiving the security code.
- Enter how long, in minutes, the security code is valid in Evidence.com in the Security Challenge Frequency field. After the codes expire, users are prompted to enter new codes. The value can be any whole number from 2 to 20 minutes.
- Click Save.
Your agency’s Multi-Factor Authentication Settings are now configured.