NinjaCat has stepped up its security for user log ins. Multi-factor Authentication (MFA) is now available for agencies upon request. MFA provides superior security due to the requirement of a six digit verification code provided by a mobile device app used in conjunction with your user login credentials.

Feature Activation Request

If your agency is interested in using MFA it can be enabled by NinjaCat at your request. Contact the main NinjaCat user in your agency. They will reach out to and partner with your agency's Customer Success Manager here at NinjaCat to begin the process. If you aren’t aware of your Customer Success Manager contact our Customer Advocate Team through support. They will contact your agency’s Customer Success Manager and the documented point of contact for your agency will be consulted on the request, implementation, and result of the heightened security provided by MFA.

Multiple Modes for MFA

Once MFA is enabled there are two choices for its implementation.

1. Optional - When set to optional users have the ability to turn on MFA for their own user account. Once MFA is enabled, users will be required to go through a one time initial set up. After initial set up is complete users will be required to provide a six digit verification code to login to NinjaCat.
   • 'Optional' Setting one-time initial set up:
     • Click on Name in top right corner
     • Click on 'Profile'
     • Click on Lock icon next to MFA on user profile screen
     • Click on blue 'Enable MFA' button on left of the screen
     • Enter Password and click 'OK' to verify
     • Write down MFA 'Secret' and store securely
     • Use Authorization App to create account, scan QR code, and receive six digit code.
       • We recommend Authy - Android | iOS and Google Authenticator - Android | iOS
     • The next time the user logs in they will be required to enter the six digit verification code from their mobile device.
2. Always On - When 'always on' all users will be required to use MFA. Once MFA is enabled, users will be required to go through a one time initial set up. After initial set up is complete users will be required to provide a six digit code to login to NinjaCat.

Initial Set Up

The first time a user logs in after MFA is enabled they will be prompted to perform the setup steps explained on the log in screen:

Mobile device set up example from Authy:

Expected Log In Behavior

After the initial setup the user will have to have their mobile device with them whenever they log in to NinjaCat in order to receive the required six digit verification code from their authentication app. Likewise, if the mobile device is lost, damaged, or stolen the six digit verification code will not be available and the user won’t be able to log in to NinjaCat.

For that reason the suggestion in the set up steps to write down the MFA “secret” and securely store it is strongly recommended so that a new device can be connected to the already present authentication account. If the original mobile device AND  the MFA “secret” are both unavailable the Customer Advocate Team will be able to reset the MFA status for a user to allow a new authentication account to be created and a new mobile device linked.