Configuring Global Multi-Factor Authentication

Objective

After completing this lesson, you will be able to configure Global Multi-Factor Authentication (MFA) settings to enhance account security across the organization.

Global Multi-Factor Authentication

Global Multi-Factor Authentication (MFA) provides an essential layer of security by requiring users to provide two or more verification factors to gain access to SmartRecruiters. This prevents unauthorized access even if a user’s password has been compromised.

Authenticator apps generate codes directly on a user’s device, which reduces reliance on email delivery and lowers the risk of unauthorized access. This update aligns organizations with modern security best practices while providing the flexibility to implement MFA across different user groups.

The company can choose between two primary enforcement states:

  • Optional: Users can choose to enable MFA for their own accounts via their Personal Settings. This is ideal for testing or for organizations with varying security requirements.
  • Mandatory: Every user is required to set up MFA. Users who have not yet enrolled will be forced to complete the setup process during their next login attempt.

[Figure: SmartRecruiters MFA settings page showing options to enable one-time passcodes via authenticator app (recommended) or email, with toggle switches for each method.]

Configuring MFA Settings

Steps

  1. Navigate to User Menu > Settings.

  2. In the Administration section, select Global Multi-factor Authentication.

  3. Choose and toggle on the desired authentication method(s):

    • Authenticator App: Users confirm their identity by entering a time-based code generated on their phone by apps like Google Authenticator or Microsoft Authenticator.
    • One-Time Passcode via Email: Users are prompted to enter a unique security code sent to their registered email address each time they sign in.

    Note

    Once enabled, these requirements apply to all users except those logging in via Single Sign-On (SSO).

Setup Authenticator App (User Experience)

When an administrator enables authenticator apps as an authentication method, users follow these steps during their first login:

Steps

  1. Enter email address and password on the SmartRecruiters login page.

  2. Using a mobile device camera, scan the QR code displayed in the configuration window, or manually enter the secret key into the authenticator app.

  3. Enter the verification code provided by the app into the SmartRecruiters field.

  4. Select Verify and Continue.

Access Management and Recovery

  • Self-Serve Recovery Codes: Users can generate and securely store recovery codes as a backup mechanism to regain access if they lose their device or face email delivery issues. These are accessed via User Menu > Settings > My Account > Multi-factor Authentication.
  • Administrative Reset: If a user is locked out, an administrator can reset their MFA settings by navigating to Settings > User Management, finding the specific user, and selecting Reset Authenticator App from the edit menu.

Summary

  • MFA ensures that a compromised password alone is not enough to access a SmartRecruiters account.
  • Administrators can enable time-based authenticator apps, email-based passcodes, or both to suit company security policies.
  • The use of recovery codes and administrative reset capabilities ensures users are not permanently locked out of their accounts due to device loss.