MFA will be enabled automatically starting December 3, 2024 on all organizations.
If you wish to opt in and activate MFA for your organization prior to the December 3 roll-out, please contact SpotMe Support.
At SpotMe, making sure your event data is protected at all times is our top priority.
With this in mind, when SSO is not used to log in, we will require SMS-based Multi-Factor Authentication (MFA) in order to access Backstage. This involves sending a one-time code via SMS to your mobile phone, which you can use to verify your identity in addition to your password when you log in to Backstage.
MFA adds an additional layer of security to protect against unauthorized access. By enhancing the security of your Backstage account, you will ensure your event data is better protected against potential threats.
When and how will MFA be required?
MFA has been available for individual organizations as opt-in since November 11, 2024, and will be enabled automatically starting December 3, 2024 on all organizations.
If you wish to opt in and activate MFA for your organization prior to December 3, please contact SpotMe Support. Otherwise, you can wait until the December 3 roll-out, as it will be activated automatically.
Recommended actions for organizations to perform prior to activating MFA on Backstage
At the organization level in Backstage, to ensure that you are all set for MFA to be enabled, it is highly recommended that you:
- Make sure that you have at least two organization admins in your organization. Organization admins are responsible for managing any requests from their organization members with regards to resetting their phone number. For more information on this, please refer to the How to reset a Backstage user’s phone number section below.
- Make sure that all your Backstage users are familiar with the specifics detailed in this article, and that they know who their organization admins are should they need to ask them to reset their phone number in Backstage.
How do users access Backstage once MFA is required?
As a Backstage user, once MFA is enabled for your organization, you can simply follow the instructions that are displayed on screen when you log in to Backstage.
The possible scenarios are detailed below.
If Backstage SSO (enterprise login) is not enabled on your organization:
- The first time you log in using a given device/browser/location, you will have to enter your email address, your password, your phone number, and the MFA SMS code that was sent to your phone. For more information, see how to log in to Backstage.
- The second time you log in using a given device/browser/location:
  - If you selected the "Remember me for 14 days" checkbox when you logged in the first time and it has been less than 14 days since that login, then you will only have to enter your email address and your password.
  - If you did not select the "Remember me for 14 days" checkbox when you logged in, or it has been more than 14 days since that first login, you will have to enter your email address, your password, and the MFA SMS code that was sent to your phone based on the phone number you already provided the first time you logged in.
If Backstage SSO (enterprise login) is enabled on your organization:
- If SSO is mandatory for your organization, you will always have to use the "Enterprise login" in order to log in to Backstage.
- If SSO is not mandatory for your organization, you can either use the "Enterprise login" (in which case no SMS-based MFA is required) OR you can enter your email address, your password, your phone number, and the MFA SMS code that was sent to your phone.
How can a Backstage user change their own phone number in Backstage?
Once MFA is enabled, you will need to provide a phone number that will be used to send you a one-time code in order to perform MFA when you log in to Backstage.
There may be instances where a Backstage user needs to change their previously provided phone number in order to use a different one for MFA. This can be the case if the person has lost their phone, changed their number, or simply does not have access to their phone.
If you still have a valid session open in Backstage that allows you to log in without going through MFA, then you can go to your personal settings in Backstage and update your phone number there.
To do so, click on your initials in the bottom left of the page and click on your name there. The following screen is displayed where you can change your phone number and save your changes:
In order to confirm the change of phone number, Backstage will send you a code via SMS to the newly entered phone number. You will need to enter the received code in order to confirm the change of phone number:
If you do not have a valid session open in Backstage and cannot access Backstage to change your phone number, please refer to the section below on How to reset a Backstage user’s phone number.
How to reset a Backstage user’s phone number?
- If you are a Backstage user (not an organization admin) and you no longer have access to Backstage in order to change your own phone number, please contact your organization admin. They will verify your identity and reset your phone number, allowing you to log in to Backstage by providing a new phone number and going through MFA.
- If you are a Backstage organization admin and need to reset your phone number, please contact another admin for your organization. They will verify your identity and reset your phone number, allowing you to log in to Backstage by providing a new phone number and going through MFA.
- If you are a Backstage organization admin and you are unable to ask another organization admin to reset your phone number, please reach out to SpotMe Support for assistance. SpotMe Support will verify your identity and reset your phone number, allowing you to log in to Backstage by providing a new phone number and going through MFA.
The action of resetting a Backstage user’s phone number is only available to organization admins and SpotMe Support.
Organization admins can reset (remove) a user’s phone number by accessing the Members tab in the organization:
Here they can click on the Remove user phone button, and then confirm their choice:
At this point, the Backstage user who has had their phone number removed will need to log in again to Backstage in order to access any workspaces. This means that, if applicable, they will need to provide a new phone number and go through the SMS-based MFA step.