ADVANCED AUTHENTICATION

 

Advanced Authentication is an optional module that allows for enabling Two-Factor Authentication, and/or SSO (Single Sign-On) from either Google or Microsoft EntraID. For pricing and additional information, please contact your account manager. For our Advanced Authentication video, click here.

 

To access and enable these settings, do the following:

 

  1. Log in to eimmigration.
  2. Navigate to the Administrative Tools.
  3. Click Application Settings.
  4. Click the Security tab.

 

MULTI-FACTOR AUTHENTICATION (2FA/MFA)

 

  1. From the security settings, check the box for Multi factor authentication. Click Save.
  2. The next time a caseworker logs in, they will be prompted to receive a code, either by phone or Email. Click Submit.
    1. By phone will send a text message code to the mobile number associated with the caseworker account.
    2. By Email will send a code via Email to the address associated with the caseworker account.
  3. Once you've received the code, enter it into the appropriate field. Choose to either remember the browser or not, then click Submit.

 

ENABLING SSO USING GOOGLE AUTHENTICATION

 

  1. The way the system matches users from Google and eimmigration is by user name. Therefore, in order for Google authentication to work, you must make sure your eimmigration username is the same as your Google login Email address. Once you can verify this, proceed to step 2.
  2. From the security settings tab, select Google as the External Authentication Provider. Click Save.
  3. The next time you access your eimmigration site on a new session, you'll see the Google Authentication instead of the standard eimmigration login page. Sign in using your Google account credentials.

 

 

ENABLING SSO USING ENTRAID

 

  1. From the security settings tab, select Azure EntraID as the External Authentication Provider, enter the required EntraID items. Click Save.
  2. Here is a general view of the EntraID setup, along with some notes:
    1. Set the Tenant ID and Name from the EntraID portal (tenant name is the domain your EntraID is bind to not the display name).
    2. Save and all caseworker logins would be automatically be forwarded to EntraID from that point on.

 

NOTES:

  • The way the system matches users from EntraID to caseworkers is by login username, which should match EntraID's UPN (user principal name), that is their main Email address (or as shown below user name).
  • You can have 2FA/MFA on with EntraID on as well, you would sign in via EntraID and MFA (EntraID could have MFA as well).