How to Enable Multi-factor Authentication (MFA)

Multi-factor Authentication (MFA) requires users to provide two or more verification factors when activating a VirnetX One Client or VirnetX Matrix Server.  This is an organization policy that can be 1) applied to all users in your organization, 2) applied only to administrators or 3) rolled out in a phased approach to individual users.

VirnetX provides a default authentication method, based on the user's email address, for activating the VirnetX One Client or VirnetX Matrix Server.  With MFA enabled, users will be required to authenticate with one of the following combinations:

  • Activation code sent to user's email address + Authenticator app code
  • Password + Authenticator app code

When using Microsoft Authenticator, an additional biometric authentication is required from the user to open the Authenticator app and view the app code.  

Multi-factor Authentication (MFA) Policy Settings

There are four (4) organization MFA policy settings:  

  • Disabled (default) - MFA is disabled for your organization and users are not required to use MFA when activating.
  • Optional for all users - Users must enable MFA for themselves.  This setting allows organizations to roll out MFA using a phased approach prior to requiring it for all users.
  • Required for administrators only - Requires users with an Administrator role to use MFA authentication.  Analyst and support roles are excluded.  
  • Required for all users - All organization users are required to use MFA.  This is the recommended setting to protect your organization.

The MFA policy settings are available from the VirnetX Admin Console.  Navigate to the Users page and click on the Security tab.

VirnetX Admin Console - Security

Supported Authenticators

The following authenticators are recommended:

  • Microsoft Authenticator
  • Google Authenticator
  • YubiKey by Yubico (Click here for integration set-up steps)

Multi-Factor Authentication (MFA) User Enrollment

User or Administrator

Users or administrators will complete the MFA enrollment process during the activation of the VirnetX One Client, if required by the organization MFA policy (e.g., Required for administrators only or Required for all users).

First, complete the normal activation steps after installing the VirnetX One Client.  After successful activation, you will be required to set up MFA before continuing.

Activation - MFA

Open the Google or Microsoft authenticator application on your mobile device.  You will need to add an account to your authenticator application by scanning the QR code shown on the VirnetX One Client Dashboard. After you scan the QR code, a new account named VirnetX will be created with your email address.

Next, from the authenticator application, get the 6-digit one-time password code from the new VirnetX account that was created.  Type this code into the Code from Authenticator App field on the VirnetX One Client dashboard and click Verify.

The MFA enrollment process is now complete.  Each time you activate a device or VirnetX Matrix Server you will be required to enter the 6-digit one-time code from your authenticator application.

Existing User

Open the VirnetX One Client Dashboard.  Click on the three-bar icon in the upper left to open the sidebar menu.  Click the Preferences menu option in the sidebar.  

Next, click the Multi-Factor Authentication (MFA) menu option. Click Enroll Now to start the enrollment process.  You will need to have an authenticator application installed on your mobile device.  

User - MFA - Enrollment

Open the Google or Microsoft authenticator application on your mobile device.  You will need to add an account to your authenticator application by scanning the QR code shown on the VirnetX One Client Dashboard. After you scan the QR code, a new account named VirnetX will be created with your email address.

Next, from the authenticator application, get the 6-digit one-time password code from the new VirnetX account that was created.  Type this code into the Code from Authenticator App field on the VirnetX One Client dashboard and click Verify.

User - MFA - QR Code

The MFA enrollment process is now complete.  Each time you activate a device or VirnetX Matrix Server you will be required to enter the 6-digit one-time code from your authenticator application.

User - MFA - QR Code Verified

 

VirnetX One Activation with Multi-factor Authentication

Let's walk through the user activation steps on the VirnetX One Client with MFA enabled.  After installing the VirnetX One Client on Windows, macOS, iOS or Android, follow the steps below.

Get started by clicking Next after the welcome screen.

VirnetX One Client - Activation - Welcome

Click Accept after reviewing our license agreement, privacy policy and privacy notices.

VirnetX One Client - Activation - Privacy

Enter your email then click Next.

VirnetX One Client - Activation - Email

This next step will only appear if you are a member of multiple organizations. 

You will need to enter the organization identifier (e.g., us-mycompany) of the organization where you are activating the VirnetX Matrix Server.  The organization identifier can be found in your welcome email.

Click Next to continue. 

VirnetX One Client - Activation - Org Identifier

Enter the activation code that was sent to your email. Click Verify to continue.

VirnetX One Client - Activation - Email Code

Enter the 6-digit code from your authenticator (e.g., Google or Microsoft).

VirnetX One Client - Activation - MFA

After successful activation, the VirnetX One Client Dashboard will load, showing you the list of protected applications that you have access to.

Reset User MFA

From the VirnetX Admin Console, an administrator can reset MFA for a user who loses access to their authenticator (e.g., changed/lost phone).

From the VirnetX Admin Console, go to the Users page and find the user that needs their MFA reset.  Click on the name of the user to view the user details page. Next, click the User Actions button and then click Reset MFA in the menu.

The user will need to activate a device with the VirnetX One Client to complete the MFA enrollment process and set up their authenticator.

Frequently Asked Questions (FAQ)

What happens if the MFA Policy is cycled from All Required to Disabled?

Disabling the MFA policy will revoke Authenticator credentials for all users in your organization.  Changing the MFA policy back to All Required will force all users in your organization to set up MFA again.