Portal Multi-Factor Authentication Issuer
Overview
Portals support multi-factor authentication (MFA) using Authenticator Apps such as Microsoft Authenticator, Google Authenticator, or Authy. When a portal user enrols in MFA, their Authenticator App displays an Issuer name alongside the rolling six-digit code — this is what distinguishes one finPOWER Connect portal entry in the user's app from the next.
Previously, the Issuer string was hard-coded to use the Portal's Description. So a portal called “Client Connect” produced an Authenticator entry labelled “Client Connect”, with no way to change it without renaming the portal itself. This was awkward when administrators wanted to keep the internal Portal Description short (or branded a particular way) but show end users a more recognisable label inside their Authenticator App.
From this release, the Issuer is independently configurable on the Portals form's Multi-Factor Authentication page, separate from the Portal Description. The setting takes effect on the live portal — the value the end user sees in their Authenticator App is whatever Issuer string you configure here.
Prerequisites
Setup & Configuration
The Portals form has no Cloud administration widget, so Portal configuration, including the Issuer setting, is performed exclusively on the Portals form in finPOWER Connect Desktop. The portal itself is hosted by Web Services, so the Issuer string takes effect for end users on the live portal regardless of which platform users access it from.
Navigate to Administration, Portals in finPOWER Connect Desktop.
Pick the Portal whose Authenticator App entry you want to customise (for example, your Client Connect portal).
Select the Multi-Factor Authentication page within the Portal record. This page houses all MFA-related settings.
The Issuer field is only relevant to the Authenticator App method. Set Method to Authenticator App first; the Issuer field then becomes available beneath it.
Type the value you want shown in the user's Authenticator App. The field accepts up to 50 characters. If the Issuer is left blank, the system falls back to the Portal Description for backwards compatibility with the previous behaviour.
Save and close. The next time a portal user enrols in MFA (or re-enrols), the Authenticator App will display the new Issuer string.
Field reference
| Field | Description | Default |
|---|---|---|
| Method | The MFA method used by the Portal. The Issuer is relevant only when this is set to Authenticator App. | (per portal) |
| Issuer | The string shown in the end user's Authenticator App alongside their rolling code. Up to 50 characters. Leave blank to use the Portal Description (legacy behaviour). | (blank — falls back to Portal Description) |
How to Use
Once the Issuer is configured, the change takes effect for portal users on enrolment. Existing enrolments retain whatever Issuer was in place when they enrolled, until they re-enrol.
The portal user logs in with their username and password as normal.
If MFA is required and the user is not yet enrolled, the portal displays a QR code. The QR code embeds the Issuer string you configured.
The Authenticator App adds a new entry. The label shown in the app is the Issuer string — for example, “Acme Finance — Client Portal” rather than just “Client Connect”.
From now on, when the user logs in to the portal they enter the six-digit code from the Authenticator App entry labelled with your Issuer string.
Platform Differences
Portal configuration is administered in Desktop only. The portal itself runs on Web Services and is consumed by end users in a web browser, so the Issuer string is presented to all portal users regardless of how they reach the portal.
| Aspect | Where it lives |
|---|---|
| Portal admin (Issuer field) | Desktop only — Portals form, Multi-Factor Authentication page |
| Live portal hosting | Web Services |
| End user experience (QR code, Authenticator label) | Web browser — identical regardless of client platform |
Tips & Best Practices
The Issuer is the only label your portal users see in their Authenticator App. If you have multiple portals (for example, one for clients and one for brokers), use distinct Issuer strings so users can tell them apart. Including your trading name (e.g. “Acme Finance — Clients”) often works well.
Changing the Issuer affects new enrolments. Users already enrolled keep their existing label until they re-enrol (which only happens if they reset their MFA). This is a property of how Authenticator Apps store their entries — finPOWER Connect simply hands them the Issuer at enrolment time.
The Issuer string is embedded in the QR code in plain form. It must not contain credentials or sensitive information. Treat it as a display label, not a security token.
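The following Python sketch is an added example, not finPOWER Connect code. It assumes the QR code carries a standard otpauth:// provisioning URI (the format Authenticator Apps commonly scan) and shows the blank-Issuer fallback, the 50-character limit, and that the Issuer can be read straight back out of the QR payload. The function names, account name and secret are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit, parse_qs

MAX_ISSUER_LEN = 50  # field limit stated in the field reference


def effective_issuer(issuer: str, portal_description: str) -> str:
    """A blank Issuer falls back to the Portal Description (legacy behaviour)."""
    issuer = (issuer or "").strip()  # assumption: whitespace-only counts as blank
    if len(issuer) > MAX_ISSUER_LEN:
        raise ValueError("Issuer exceeds 50 characters")
    return issuer or portal_description


def provisioning_uri(issuer: str, portal_description: str,
                     account: str, secret_b32: str) -> str:
    """Build an otpauth:// URI of the kind a QR code carries (assumed format)."""
    name = effective_issuer(issuer, portal_description)
    if ":" in name:
        # In the otpauth label, ':' separates the issuer from the account name.
        raise ValueError("Issuer must not contain ':'")
    enc_name = quote(name, safe="")
    label = f"{enc_name}:{quote(account, safe='')}"
    return (f"otpauth://totp/{label}"
            f"?secret={secret_b32}&issuer={enc_name}&digits=6")


def read_qr_payload(uri: str) -> dict:
    """Decode the URI as any QR scanner can: every field is plain text."""
    parts = urlsplit(uri)
    label_issuer, _, account = unquote(parts.path.lstrip("/")).partition(":")
    params = parse_qs(parts.query)
    return {
        "label_issuer": label_issuer,
        "issuer": params["issuer"][0],
        "account": account,
        "secret": params["secret"][0],
    }


if __name__ == "__main__":
    # Constructed sample values; the secret is a throwaway demo string.
    uri = provisioning_uri("Acme Finance Clients", "Client Connect",
                           "jane@example.com", "JBSWY3DPEHPK3PXP")
    print(uri)
    print(read_qr_payload(uri))
```

Because the Issuer comes back verbatim from `read_qr_payload`, anything typed into the field is visible to whoever can see or photograph the enrolment QR code.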
Knowledge Base References
Browse the live KB listings for v6.00.03 on the Intersoft support site:
The Knowledge Base articles consolidated into this release notes page: