News / 14.8.2023

Important Update: New Authentication Flow and Two-Factor Authentication in Grieg Connect

We are excited to bring you an important update regarding the security of your Grieg Connect experience. As a user with a Grieg ID and access to our software systems, we want to ensure that your personal and business-critical information remains secure. In line with this commitment, we are introducing a new authentication flow that includes Two-Factor Authentication (2FA) and federated login with Azure AD in our production environment.

What’s Changing?

As previously communicated in our June newsletter, Grieg Connect is implementing a new authentication flow with Two-Factor Authentication (2FA), designed to provide enhanced security for your data.

Implementation Date

The new authentication flow, including Two-Factor Authentication, is scheduled to be deployed on Wednesday, August 23rd, at 10:00 AM.

How Does it Work?

As soon as 2FA is deployed into our production environment you will be transitioned to the new authentication flow the next time you log in with your user. This process is divided into four steps

  1. Select an additional authentication method. You have the choice between SMS or an authentication app. If you’re uncertain, opt for SMS (the SMS flow will be explained in the subsequent steps). If you choose the authentication app, follow the instructions in the onboarding process.
  2. Enter the number to of which SMS should be sent
  3. Verify your account with the text code you receive on your phone
  4. Once your authentication method is verified, a recovery code will be displayed on the screen. IMPORTANT: Keep the recovery code in a safe place. This code can be used to reset your authentication if you encounter difficulties with 2FA usage (e.g. changing your phone number or issues with the authentication app)

After onboarding to 2FA you will continue to sign in using your familiar credentials (Username and password). After entering your credentials, you will be prompted to enter a one-time passcode sent to your registered mobile phone number.

This update applies to all users with a Grieg ID and access to software systems within the Grieg Connect product suite.

Haulier kiosk users, identities used to configure our Haulier kiosk solution, will be exempted from the 2FA login flow. These users can continue to authenticate using their usual username and password.

Preparing for the Change

To ensure a seamless transition to the enhanced security features, please ensure that you have access to a personal mobile phone to receive one-time passcodes during the onboarding and authentication process.


Additional Authentication Options

Passkeys

We are pleased to offer the flexibility of using passkeys (Multi-device FIDO credentials) as part of the 2FA process. This means you will have the option to register and utilize hardware-based authentication methods, such as fingerprint authentication, USB authentication keys, or any other supported means on your device.

  1. Click “Try another method” to enable passkeys
  2. Choose “Fingerprint or Face Recognition” and follow the instructions
  3. You will be prompted with the chosen 2FA method the next time you authenticate. Use “Try another method” to change back to 2FA with SMS

Microsoft federated login beta

We are also delighted to present a sneak peek of our federated login and single sign-on (SSO) feature based on Microsoft Azure AD. This exciting development allows you to conveniently log in using your Microsoft credentials, as long as your Microsoft provider (such as Microsoft Office 365) has prepared your organization’s Microsoft tenant for federated login.

The process for initiating Microsoft federated login is simple: just click on the “Continue with Microsoft” option within the login UI. By following the instructions presented during the Microsoft login flow, your Grieg ID will seamlessly link to your Microsoft identity.

  1. Click “Continue with Microsoft” to associate your Microsoft account to your existing Grieg ID
  2. Choose an account that has the same e-mail address as your existing Grieg ID

It’s important to note that your Grieg ID email address must match your Microsoft account’s email address to ensure proper association between the two accounts. In the event that your Microsoft email address doesn’t correspond to any of our registered Grieg ID users, our system will generate a new Grieg ID. However, please be aware that this new account won’t be linked to any Grieg tenant, requiring a Grieg tenant administrator to invite the newly created user.

It’s worth remembering that this feature is currently in its beta phase and may encounter occasional hiccups within your Microsoft environment. If you encounter any issues, we encourage you to reach out to us without hesitation. Your feedback is invaluable as we strive to refine and enhance this feature.

Need Assistance?

If you encounter any issues or require assistance, our dedicated support team is here to help. Feel free to contact us via phone or email.

https://griegconnect.com/support/

Thank you for your continued trust and partnership as we work to enhance the security of your Grieg Connect experience. We look forward to providing you with an even more secure and reliable platform.