Users in Scope for MFA
Affected Users
To support the MFA requirement, Paymetric has implemented two-factor authentication for the following interfaces and user types for both QA and Production environments:
Interface | Users in scope |
---|---|
Merchant Portal |
All Merchant Portal users must enroll in Duo and are then prompted for two-factor authentication upon each login. |
XiPay WebGUI |
All users with permissions to view raw card numbers must enroll in Duo. Users are prompted to enroll in Duo two-factor authentication the first time they attempt to view a raw number in a given session. Going forward, users are prompted to authenticate via Duo the first time they attempt to view a raw card number within a given session. Users are not prompted per card number. |
Intercept Standalone and SAP |
All organization admin users and any end users with detokenization privileges must enroll in Duo. Users are prompted to enroll in two-factor authentication the first time they attempt to detokenize in a given session. Going forward, users are prompted to authenticate via Duo the first time they attempt to detokenize within a given session. |
Number of Duo Accounts - QA & PROD Environments
-
There are separate Paymetric Duo multi-factor authentication accounts for QA and Production. A user only needs to enroll once for Paymetric Duo access for a given phone number, tablet, or hard token for a given environment, QA or Production.
-
So for example, if you are prompted when logging in to Merchant Portal to setup your Duo account. Then you later log in to XiPay WebGUI and have the Admin permission role, you will just be prompted for two-factor authentication login whenever logging into XiPay. You will not have to enroll via that interface as well.
-
Merchant Portal only has a Production environment. If you enroll in Duo via the Merchant Portal, you will automatically be enrolled in both XiPay WebGUI and Intercept Standalone/SAP Production environments and vice versa.
-
For XiPay WebGUI and Intercept Standalone/SAP interfaces, you will be prompted to enroll the first time you access either of the QA environments.
-
For SAP users that only launch Intercept from within SAP, you should not be affected. It would only apply if you launch Intercept directly from your browser using the URL and separate login credentials.
How to Find Merchant Portal Users
-
Log in to Merchant Portal. https://merchantportal.paymetric.com
-
Go to Settings > Merchant Profile > Users.
-
Review the Two-Factor Authentication column to see if a user is Active, Not Enrolled or Locked.
-
Click in the column to unlock a Locked or un-enroll an Active user.
How to View XiPay WebGUI Admin Users
-
Log in to Merchant Portal at https://merchantportal.paymetric.com
-
Go to Settings > Services > XiPay (XiPay) > WebGUI (Virtual Terminal) Users.
-
For group by: Select member of.
-
Review the Two-Factor Authentication column to see if a user is Active, Not Enrolled or Locked. Click in the column to unlock a Locked or un-enroll an Active user.
View Intercept Detokenize Users
-
Log in to Intercept Admin site.
-
QA: https://qaapp01.XiSecurenet.com
-
PROD: https://qaapp01.XiSecurenet.com
-
-
Go to Administer Organization > User Management.
-
Review the Two-Factor Authentication column to see if a user is Active, Not Enrolled or Locked. Click in the column to unlock a Locked or un-enroll an Active user.