2 Factor Authentication for LX Starter
Users with Super Admin or Consortium Super Admin roles will have the option to enable 2 factor authentication for all users or no users.
When 2 factor authentication is enabled, it will require all users to go through an additional security step in order to login (for example: entering a code sent to the user's email address).
-
Robyn commented
I very much agree with Eric that all users should have the option to enable MFA. I can't think of any advantage to limiting that option to only some users, especially since it's not just super admin roles with access to patron data.
SSO is a great suggestion as well, though I'm sure that would be a much more complicated solution to implement and I'd rank MFA as a higher priority.
-
Eric Young commented
I strongly support requiring Multi-Factor Authentication (MFA) for all users, regardless of role, as a critical step in strengthening overall security. Instead of creating a standalone MFA solution specifically for LX Starter, a more efficient approach would be to allow customers to configure Single Sign-On (SSO) with MFA through their existing identity management systems, such as Microsoft Entra ID or Google. This strategy enables customers to use their own trusted systems for MFA validation, consolidating authentication within a single, familiar platform. By reducing the need for multiple authentication sources, this approach simplifies security management, minimizes friction for users, and enhances control over access.