Authentication in Riffyn is supported by a third party (Okta) and can be augmented with multiple security settings. These settings include:
- Multi Factor Authentication (MFA).
- Ability to generate and revoke API keys.
- Ability to generate and revoke timed expiration access tokens.
Each of these security option is configured by clicking on your user account icon and selecting "Security Settings".
Multi Factor Authentication
Multi Factor Authentication (MFA) is additional security measure for your account that requires you to enter an offline code from another device. Riffyn uses Google Authenticator to generate secure codes each time you login into Riffyn. You must opt-in for your account by toggling the "Authenticator Verification" option. If you are an organization admin please contact firstname.lastname@example.org to enable MFA for all your users.
API keys can programatically be generated via the API (https://api.<myLocation>.riffyn.com) or via the "API Key" option in the security settings modal. API keys are only needed if you want to programatically interact with Riffyn and not needed for most users.
In cases where you want to grant another program temporary access to your account or have a time-bound window for programmatic access of Riffyn you can use an access token. These access tokens function the same as an API key when passing authentication parameters. Access Tokens are only needed if you want to programatically interact with Riffyn and not needed for most users.