Authentication in Riffyn is supported by a third party (Okta) and can be augmented with additional options including:
- Enhanced security via Multi-Factor Authentication (MFA).
- Use of permanent (until you revoke them) API keys.
- Temporary access tokens.
Each of these options is configured by clicking on your user account icon and selecting "Security Settings".
You will see a window like this appear:
Multi Factor Authentication
Multi Factor Authentication (MFA) is additional security measure for your account that requires you to enter a secure offline code from another device such as your mobile phone. This code is generated through a synchronization mechanism that operates without internet access. So you can even use it on an airplane when you don't have cell phone access.
Riffyn uses Google Authenticator to generate these secure codes each time you login into Riffyn. To set this up, click the Reset button in "Authenticator Verification" section and follow this instructions. (You will need to download Google Authenticator to your device first.)
MFA must be activated for your organization. You cannot activate it individually. If it is activated for your organization, you cannot turn it off. You can only set/reset the link to Google Authenticator.
If you are an organization admin please contact firstname.lastname@example.org to enable MFA for all your users.
API keys can programmatically be generated using the Generate window displayed above or via the Riffyn SDE API (https://api.app.riffyn.com or https://api.mycompany.riffyn.com). Note that the key is displayed / provided only once. After that you will need to save the key or recreate one if you lose it. API keys are only needed if you want to programmatically interact with Riffyn and not needed for most users.
Instructions for generating API keys via the Riffyn SDE API are provided here.
In cases where you want to grant another program temporary access to your account or have a time-bound window for programmatic access of Riffyn you can use an access token. Access tokens expire after a period of time which you can set (up to an upper limit). These access tokens function the same as an API key when passing authentication parameters. Access Tokens are only needed if you want to programmatically interact with Riffyn and not needed for most users.
Instructions for generating Access Tokens follow the same procedure as generating API Keys which is described in help doc provided here.