Skip to content

Multi-factor Authentication

Overview

Starting January 05, 2023, ImmPort will enforce Multi-factor Authentication (MFA) on the Private Data Management Portal (immport.niaid.nih.gov) for enhanced security. Upon successful log in, ImmPort users will be redirected to the MFA registration page to configure an MFA method for obtaining one-time password (OTP) codes. Please read below for more details.

Please note that, MFA is not enforced on the Shared Data Download Portal (www.immport.org). ImmPort users can continue to login to the download portal with their username and password to download the publicly available data sets without MFA.

FAQ's

What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

Why is MFA Important?
The main benefit of MFA is it will enhance your data security by requiring you to identify yourself by more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor means increased security to your data.

How Does MFA work?
MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter are one-time passwords (OTP). OTPs are those unique codes that you often receive via email, SMS or some sort of mobile app. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which could simply be a counter that is incremented or a time value.

ImmPort MFA Registration

ImmPort provides the following two authentication methods for MFA authentication.

1. Authenticator App: Register a time-based one-time password (TOTP) authenticator app for obtaining one-time-passwords for MFA authentication.
2. Email OTP Code: Register your email address for obtaining one-time-passwords for MFA authentication.

MFA registration options: Authenticator App and Email OTP code.

ImmPort MFA Authentication Methods

Authenticator App

Register a time-based one-time password (TOTP) app for obtaining one-time-passwords for MFA authentication. To configure TOTP you will need to install an authenticator application that can generate OTPs such as Authy, Google Authenticator or Microsoft Authenticator on your mobile or laptop device.

MFA Authenticator App registration screen. Activate with the QR code or enter code in authenticator: 7P3PJ465I65FQ6HD6YGE46XUBP2GSDTK.

MFA: Authenticator App Registration



Enter the OTP code from your registered app to enable MFA authentication. A backup OTP code can be sent to your registered email if you don't have your authenticator app.

Screen showing where to enter the OTP code from the authenticator app for MFA verification.

MFA: Authenticator App Verification

Email OTP Code

Register your email address for obtaining one-time-passwords for MFA authentication.

Screen showing an email OTP registration page.

MFA: Email OTP Registration



You will receive an OTP code to your registered email address.
Note: The OTP code sent to your email will expire in 10 minutes. If expired or invalid, you can request another OTP code.

Screen showing OTP code sent to your email.

MFA: Example email with MFA OTP



Enter the OTP code from your email to enable MFA authentication.

Example email showing a one-time-password for authentication, with instructions on OTP code. Contact ImmPort_HELPDESK@mail.nih.gov.

MFA: Email OTP Verification

Update MFA

Access your "My Profile" page to update MFA authentication method, registered email address, registered authenticator app.

Screenshot of the 'Welcome, User' tab with 'My Profile' underneath.

User Profile



'My Profile' page with authentication enabled using an authenticator app.

User Profile: Authenticator App enabled



Screenshot of the 'My Profile' page with mult-factor authentication enabled using email.

User Profile: Email OTP Code enabled

Need Assistance?

Please contact the ImmPort helpdesk(ImmPort_Helpdesk@immport.org) for assistance.