Multi-Factor Authentication Prompts Additional Enhancement


AGIIS Multi-Factor Authentication Prompts Additional Enhancement

By Chris Crutchfield, Member Services Program Director

To strengthen AGIIS security, development is underway that will require users perform multi-factor authentication (MFA) to securely sign into the AGIIS database. Soon, users logging into AGIIS will be sent an email verification link to authenticate sign on.

In recent discussions surrounding MFA, the AGIIS Directory Oversight Committee (DOC) identified a concern using email as a second level validation. The concern is that some subscribers use a generic or group email address on user accounts for various internal business purposes. For example, some subscribers may associate a generic or group email address to all their user profiles so that email notifications regarding AGIIS Add or Update transactions are sent to one email address for review, instead of having them sent to a user’s business email account. The DOC came up with a solution that led to the enhancement, Entity Response Email Notification.

The Entity Response Email Notification enhancement was applied to the production environment on October 1 and allows subscribers to add their generic or group email address to their subscriber profile page in field labeled, “Entity Requests.” If this field is populated within the subscriber profile, email notifications related to an AGIIS Add or Update transaction will be sent to this address. If this field is left blank, emails will be routed to the user’s email address associated with their AGIIS user profile.

These enhancements will require all subscribers to thoroughly review their user profiles to ensure that email addresses associated with each user profile are those of the individual user and not a generic email account. Failing to update generic email addresses on user profiles will prevent the user from being able to sign into AGIIS once the MFA enhancement is implemented in the future.

All AGIIS users will receive communications regarding both enhancements. These communications include pre-release notes one week prior to implementation, and release notes the first business day following release.

Questions regarding these releases can be directed to Member Services at