Admin > Manage Security
The Berkshire Client Portal has been enhanced to now include Multi-factor Authentication (MFA) and Single Sign On. With the appropriate system profile, these features can be activated in the Manage Security page. The new page can be accessed through the Admin drop-down menu which is located in the top right of all BCP page.
Multi-factor Authentication (MFA)
Multi-factor Authentication (MFA) is an authentication method that requires multiple verification factors to gain access. Activation of this option, for your account, is available through the Manage Security page.To activate this feature, select the Require MFA for all users checkbox and then click the [Save] action on the right. All users, at their next log in, will then be instructed to scan to the displayed QR code using Google Authenticator, Microsoft Authenticator, Authy or other similar applications.
Once the code is scanned, the application will create a six digit code that will be used every time you login to the Berkshire Client Portal.
Single Sign-On
Single Sign-On (SSO) enables users to log in to multiple applications and websites with one set of credentials. Activation and maintenance of this feature is now available for the Berkshire Client Portal through the Manage Security page.Download BCP Metadata File and Encryption Certificate
The first step in adding Single Sign-On for your BCP account would be to set up the connection within your SSO provider. To assist in this process, we have provided you with the ability to download the BCP Metadata File. This file will then be uploaded into your SSO provider to populate the required information and needed certificate. Depending on your SSO provider, the encryption certificate may need to be uploaded separately. To accommodate, we are also providing the ability to download the BCP Encryption Certificate.Upload Company Metadata File and Encryption Certificate
After setting up the connection with your SSO provider, your next steps will be to enable SSO for your BCP account and upload your company's Metadata information into BCP. The Enable Single Sign-On setting will be on the left side of the SSO Configuration page. Once the setting is turned on, the [UPLOAD METADATA] will activate. Selecting this action will open a window where your company's Metadata information can be uploaded.Uploading your company's Metadata information, will populate the following SSO settings listed below and the Encryption Certificate, if it was included in the file.
- Entity Name/ID
- SSO Login URL
- SSO Logout URL
If your company's Metadata information did not contain the Encryption Certificate, it can be uploaded separately through [UPLOAD CERTIFICATE] .
After all required fields have been added, use the [SAVE] action to complete the set up.
Optional SSO Features
- Sign Request: Validation of the signature of signed authentication requests.
- Sign Assertion: Confirmation of the requesting SSO user.
- Require Single Sign-On: Enforcement of SSO when accessing the Berkshire Client Portal. If this option is activate, the ability to use a traditional username/password will be disabled.
- User Alternate SSO ID: User email is the default identifier for the BCP SSO. If an alternate identifier is needed, it must be set per individual through the Manage User page.