Skip to content

Mail-MFA Configuration

Mail MFA is a second factor authentication option that validates a user by a MFA code sent to the user's email address. The software might optionally use second factor authentication provided by the configured Mail MFA provider to verify users logging in to the software.

The system supports multiple MFA providers assigned to different users and groups for the purpose of system authentication as well as default MFA provider.

Before configuring the Mail MFA provider, the system owner needs to integrate with an SMTP provider. This integration enables the Mail MFA provider to send MFA codes. The software supports configuring multiple Mail MFA providers, allowing them to be assigned to different users and groups. This flexibility enables system owners to test Mail MFA and SMTP configurations, as well as utilize distinct Mail servers for users based in various regions.

The Mail MFA provider offers the ability to choose multiple SMTP servers for fallback error handling. If one server fails to deliver emails, the software configured with multiple SMTP servers in the Mail MFA provider will sequentially attempt to send emails through each server until the first successful email notification is sent to the user.

Note

12Port includes a default Mail MFA template named Mail MFA. This template will add all new SMTP connections that are created to it without requiring additional configuration.

If you wish to customize this behavior or create multiple templates, we recommend you disable this default Mail MFA template and use the Add button to create your own as needed.

How Mail MFA Works

After an SMTP configuration is made successfully and Mail MFA enforcement has been properly assigned to a User or Group using the MFA Rules configuration, a user will be required to enter a verification code they received to their email address to authenticate into 12Port.

Note

An account must have a valid email address assigned to it to receive mail mfa emails. If it does not, this user will not be able to authenticate into 12Port.

Here is how the login process occurs from the user's perspective:

  1. The user opens their browser to the tenant's login page and they enter their credentials. They click the Login button to advance.

  2. They are automatically directed to a second authentication page that requires them to enter the code received in their mailbox.

    Second Factor Mail MFA Prompt

  3. The user must enter this code into the provided field and click the Login button to authenticate. If the user does not enter a value or enters an incorrect code, they will fail to authenticate and must restart the login process from the beginning to receive another email code.

    Mail MFA Code Received

Tip

You can customize the verification code email template by modifying the mail-mfa template located in Configuration > Templates.