Articles in this section

Global Admin: Identity Provider (IdP) and Multi-factor Authentication (MFA)

Avatar
Moriah Waiters
Updated
Follow

Jump to Section:

 

Video

Overview

As of March 31, 2025, Global Admin securely protects stored data via two industry-standard service protocols: the Personify Identity Provider (IdP) and Multi-Factor Authentication (MFA).

GA_Landing.png

IdP and MFA comply with current security standards, prevent sensitive user data breaches, and ensure that personally identifiable information (PII) remains securely protected.
 

Personify IdP

The Personify IdP is a completely multi-tenant SaaS application solution with one single sign-on application and database servicing for all clients. Our solution is up-to-date on modern technology, utilizing Oauth 2.0 and OpenID Connect to provide seamless login across your Global Admin backend database and the event-specific front-facing Event Portal sites.

GA_LoginIDP.png

Show management uses one unique e-mail address and password per user account, also known as IdP-based credentials, to access both systems. It also safeguards sensitive information by employing MFA to offer an extra layer of protection for administrator access to the database.
 
MFA will be enabled & required for all GA accounts on March 31, 2025.
 

Multi-Factor Authentication

Multi-factor authentication is a two-step security measure that requires users to confirm their identity by providing two types of identification. Essentially, it works as a dual method for ensuring it's you by requiring two verifications of identity before a successful login, including:

  1. Something you know (e.g., your password).
  2. Something you have (e.g., a code sent to your e-mail).
 
GA_MFA.png
Global Admin's MFA does not require users to download a unique token generator or an app; instead, it sends an authentication code to the e-mail address associated with your account to confirm your identity. 
 
Other advantages of MFA include:

  • Unique and time-sensitive passcodes: MFA uses temporary, unique passcodes that expire quickly, reducing the risk of unauthorized reuse.
  • Ease of use: MFA methods, such as codes sent by e-mail, are convenient and straightforward to manage.
  • Prevention of unauthorized access: Users cannot log in without the second factor, such as a code sent to their e-mail.

 

MFA does not affect non-admin users or GA contacts with Event Portal user accounts.

 

Important Notes

  • Global Admin users must now verify the e-mail address associated with the user account upon enablement and first-time login.

  • Once verified, upon each login, users receive a one-time verification code via e-mail, which admins must enter to complete the login process.

  • GA Accounts that were not created in Global Admin before performing the IDP login steps cannot access the database via IDP login.

  • Ensure the email address tied to the Global Admin user account matches the Event Portal email address to prevent password credential issues. Access may be restricted if the email addresses do not match.

  • If needed, contact the A2Z Support team if you cannot access the database or confirm the email address associated with the GA User account.

  • After IdP is enabled, upon first logging into the system, Global Admin users with access to multiple databases, such as third-party vendors, should click the Forgot Password/First Time Login link to reset the password associated with the account.

  • Logging out of GA will also log the user out of the IdP service. As a secondary option to logging out, navigate to https://prod.personifyauth.com to ensure your account has successfully logged out of the IdP service.

  • Once enabled, the MFA token is automatically sent to the email address associated with the IDP/GA account.

  • If the "Remember My Login" on the IdP login page and "Remember this Machine" on the MFA token page have been selected, clearing browser cookies resets the option. Once cleared, users are forced to re-enter credentials to successfully access the system.

  • The "Remember this Machine" checkbox on the MFA token page is configured to minimize reentry for up to 30 days. 
    When selected, this option only applies to the specific web browser and device being used. Users must re-enter their credentials, complete MFA, and select the Remember this Machine checkbox when logging into a new device or using a new browser on an existing device for the first time. 

 

Steps to Login

Perform the following steps to complete Login to Global Admin via IDP and confirm your identity via Multi-Factor Authentication:

  1. Navigate to the Global Admin Login page.
  2. Click Login.
  3. On the IDP login page, enter your email address
  4. Enter your GA password
  5. Click Login
  6. Check your email to retrieve the two-factor authentication code
  7. Enter the code in the Verification Code field
    Click "Remember this machine" to minimize repeated prompts for up to 30 days.
  8. Click Login

Troubleshooting MFA

If you have trouble receiving verification codes through e-mail, try these steps:

  • Try re-sending the code.
  • Check your e-mail's junk or spam folders.
  • Ensure you're not on a public network (e.g., at work or school), as your IT department may be blocking the e-mail.

Please contact our Support team or your Project Manager if you have general questions or need assistance with setup or troubleshooting. 

Related articles

Powered by Zendesk