ADVANCED AUTHENTICATION
Advanced Authentication is an optional module that lets you enable Two-Factor Authentication and/or SSO (Single Sign-On) through either Google or Microsoft Azure Active Directory. For pricing and additional information, please contact your account manager. For our Advanced Authentication video, click here.
To access and enable these settings, do the following:
- Log in to eimmigration.
- Navigate to the Administrative Tools.
- Click Application Settings.
- Click the Security tab.
MULTI-FACTOR AUTHENTICATION (2FA/MFA)
- From the security settings, check the box for Multi factor authentication. Click Save.
- The next time a caseworker logs in, they will be prompted to receive a code, either by phone or Email. Click Submit.
- By phone will send a text message code to the mobile number associated with the caseworker account.
- By Email will send a code via Email to the address associated with the caseworker account.
- Once you've received the code, enter it into the appropriate field. Choose to either remember the browser or not, then click Submit.
ENABLING SSO USING GOOGLE AUTHENTICATION
- The system matches users between Google and eimmigration by username. Therefore, for Google authentication to work, you must make sure your eimmigration username is the same as your Google login Email address. Once you have verified this, proceed to step 2.
- From the security settings tab, select Google as the External Authentication Provider. Click Save.
- The next time you access your eimmigration site on a new session, you'll see the Google Authentication instead of the standard eimmigration login page. Sign in using your Google account credentials.
ENABLING SSO USING AZURE ACTIVE DIRECTORY (AAD)
- From the security settings tab, select Azure Active Directory (AAD) as the External Authentication Provider and enter the required AAD items. Click Save.
- Here is a general view of the AAD setup, along with some notes:
- Set the Tenant ID and Name from the AAD portal (the tenant name is the domain your AAD is bound to, not the display name).
- Click Save. From that point on, all caseworker logins will automatically be forwarded to AAD.
NOTES:
- The system matches AAD users to caseworkers by login username, which should match AAD’s UPN (user principal name), that is, their main Email address (or the user name, as shown below).
- You can have 2FA/MFA enabled together with AAD; in that case you sign in via AAD and MFA (AAD can have MFA of its own as well).
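Because both Google and AAD sign-in depend on the eimmigration username being identical to the Google login Email address or AAD UPN, it is worth comparing the two lists before selecting an External Authentication Provider. The following is an added example, not part of eimmigration: the function names, the input lists, and the decision to flag case-only differences (the page does not say whether matching is case-sensitive) are all assumptions.

```python
# Added example: pre-flight comparison of caseworker usernames with IdP identities.
# Inputs are plain lists you export yourself; no eimmigration, Google or AAD API is called.

def preflight(app_usernames, idp_identities, tenant_domain):
    """Classify each application username against the IdP login identities.

    idp_identities: Google login Email addresses or AAD UPNs.
    tenant_domain:  the domain the directory is bound to (assumed input).
    """
    exact = set(idp_identities)
    by_lower = {i.lower(): i for i in idp_identities}
    by_local = {}  # local part -> identities, used to suggest a likely fix
    for i in idp_identities:
        by_local.setdefault(i.split("@")[0].lower(), []).append(i)

    report = {"match": [], "case_only": [], "not_an_address": [],
              "wrong_domain": [], "missing": []}
    for name in app_usernames:
        local = name.split("@")[0].lower()
        if name in exact:
            report["match"].append(name)
        elif name.lower() in by_lower:
            # Differs only by letter case; treated as a risk, not as a match.
            report["case_only"].append((name, by_lower[name.lower()]))
        elif "@" not in name:
            # Bare login name that can never equal an Email address or UPN.
            report["not_an_address"].append((name, by_local.get(local, [])))
        elif not name.lower().endswith("@" + tenant_domain.lower()):
            report["wrong_domain"].append((name, by_local.get(local, [])))
        else:
            # Right domain, but no such identity exists in the directory.
            report["missing"].append(name)
    return report


def safe_to_enable(report):
    """True only when every username is an exact match."""
    return not any(v for k, v in report.items() if k != "match")


# Constructed sample data for illustration.
SAMPLE_APP = ["asmith@example.com", "BJones@example.com", "cdoe",
              "dlee@example.org", "evan@example.com"]
SAMPLE_IDP = ["asmith@example.com", "bjones@example.com",
              "cdoe@example.com", "dlee@example.com"]

if __name__ == "__main__":
    result = preflight(SAMPLE_APP, SAMPLE_IDP, "example.com")
    for category, entries in result.items():
        print(f"{category}: {entries}")
    print("safe to enable SSO:", safe_to_enable(result))
```

Any username outside the `match` category should be corrected in eimmigration or in the directory before the provider setting is saved, since from that point on all caseworker logins are forwarded to the external provider.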