[IN PILOT] Two-Factor/Multi-Factor Authentication

Modified on: Mon, 17 Mar, 2025 at 1:53 PM

Applies to: Stayntouch PMS




Stayntouch PMS has now implemented Two-Factor (2FA)/Multi-Factor Authentication (MFA), which enhances security by requiring users to provide two or more forms of verification to access their account. 2FA/MFA reduces the risk of unauthorized access and protects sensitive information. Here are the key objectives of 2FA/MFA:

  1. Improved Security: By adding additional verification methods (e.g., something you know, something you have, or something you are), 2FA/MFA reduces the chance that cyberattacks such as phishing, password guessing, or brute-force attacks succeed.
  2. Protection Against Identity Theft: Even if a user's password is compromised, the additional verification steps make it harder for attackers to gain access.
  3. Mitigation of Weak Passwords: 2FA/MFA compensates for weak or reused passwords by adding extra layers of security, thus improving the overall security posture of the organization.
  4. Enhanced User Trust: Implementing 2FA/MFA signals to users that the organization prioritizes security, which can help build trust and confidence in the service.


By requiring multiple verification factors, 2FA/MFA significantly reduces the risk of unauthorized access, data breaches, and account takeovers.


2FA/MFA Criteria

  • The email address linked to the account needs to be up-to-date.
  • The PMS user needs to have access to the Google Authenticator app on their phone.
  • MFA for service providers must be activated by a Stayntouch Admin. Please contact Customer Support to have it activated.
  • Once a PMS user has authenticated their account with the Google Authenticator app, the authentication is automatically saved for 30 days.
  • When 2FA/MFA is activated for the service provider, it will impact all users associated with the service provider group.
  • When a PMS user has selected EMAIL CODE as the authentication method, the authentication is not stored, meaning that the user will need to log in using the MFA/OTP email again the next time they want to access the PMS.


FOR PROPERTY USER ROLES


To activate 2FA/MFA for users with access to a single property, the user will need to complete the following steps:


Step 1: Log Into Stayntouch PMS: The user will be requested to set up two-factor authentication when logging in to Stayntouch PMS.



Step 2: Two-Factor Authentication QR Code: The user will be able to set up two-factor authentication by scanning the QR code via their Google Authenticator app.





Step 3: Redirect To Login Screen: Once the QR code is scanned and the authentication code has been added, the user will be redirected to the login screen.



Step 4: Log In With Authentication Code: The user has now set up their Google Authenticator app and can log in by using the authentication code displayed in the app.
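What the QR code in Step 2 and the authentication code in Step 4 contain, shown as an added example that is not Stayntouch code. It assumes the standard otpauth:// enrollment URI and the TOTP defaults Google Authenticator uses (RFC 6238, HMAC-SHA1, 30-second step, 6 digits); the URI, issuer name, account and secret are constructed, and the server-side checks Stayntouch applies are not described on this page.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

# Constructed enrollment URI of the kind a setup QR code encodes (not a real account or secret).
SAMPLE_URI = ("otpauth://totp/ExamplePMS:front.desk%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExamplePMS")

def parse_otpauth(uri):
    """Extract label, issuer and raw secret bytes from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper().replace(" ", "")
    secret += "=" * (-len(secret) % 8)           # restore stripped base32 padding
    return {"label": unquote(u.path.lstrip("/")),
            "issuer": q.get("issuer", [""])[0],
            "key": base64.b32decode(secret)}

def totp(key, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, 30 s step, 6 digits)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key, submitted, at, last_used_step=-1, window=1, step=30):
    """Return the matched time step, or None. Accepts +/- `window` steps of
    clock drift and rejects any step at or before `last_used_step` (replay)."""
    current = int(at) // step
    for s in range(current - window, current + window + 1):
        if s <= last_used_step:
            continue
        expected = totp(key, s * step, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):  # constant-time compare
            return s
    return None

if __name__ == "__main__":
    enrolled = parse_otpauth(SAMPLE_URI)
    now = time.time()
    code = totp(enrolled["key"], now)
    print(enrolled["label"], code, verify(enrolled["key"], code, now))
```

A verifier that stores the returned step as `last_used_step` for the account refuses the same code a second time, even inside its 30-second validity window.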




Additional Use Case Scenario:

  • If a user does not have access to their Google Authenticator app, they will be able to select EMAIL CODE to have a code sent to the email address that is associated with their PMS user.



  • When EMAIL CODE has been selected, a code is generated. Please note that the expiration will be adjusted; the code will remain active for 5 minutes.



  • The email will contain the following information:



  • The PMS user will be able to use the code to log into the PMS.

FOR SERVICE PROVIDER/MULTI-PROPERTY USER ROLES


For hotel chains managing multiple properties, role templates can be used to require MFA for users across properties. To require a user to log in with MFA based on an assigned service provider or Multi-Property role, the following steps need to be taken:


1. Define The Role:

  • Log in as a service provider or Multi-Property user.
  • Navigate to the Configuration tab.
  • Click Roles & Permissions.
  • Click Create Template.
  • Give the template a name, select a dashboard, and enable the MFA Required toggle.
  • Assign permissions to the role and click Create User Role.



2. Activate The Role:

  • This creates records linking the permissions to the current hotel chain.



3. Assign The Role To A Service Provider/Multi-Property User:

  • From Configuration > People, select the user.
  • Assign them the role created under the Access section.
  • Click Save my changes.



Now that the user has a role assigned that requires MFA, upon their next login, they should be prompted to enroll in two-factor authentication. Regardless of any other roles or circumstances requiring two-factor authentication, this will remain a requirement for that user as long as they are assigned this particular role, or as long as MFA is required for that role template.

