User Guides
User and Group Management

MFA and session expiry

5min

Session Timeout

The Hexiosec ASM session timeout is set to 90 days, after this time you will need to re-authenticate/login again.

Multi-factor Authentication (MFA)

It is good security practice to use MFA for online accounts and the option to enable MFA in Hexiosec ASM is available from the Account option by clicking on your user icon in the top right corner of the screen.

How to set-up MFA

This section will walk you through setting up MFA on your Hexiosec ASM account. Enabling and disabling MFA on an account can only be done by the account owner.

Access your account information via the user icon in the top right of any Hexiosec ASM screen, and then click on 'Authenticator'.

Install a trusted authenticator app on your mobile device if you don't have one. There are many to choose from, for example the Microsoft Authenticator, Google Authenticator, Authy, FreeOTP, plus many more.

Open the authenticator app and select the option to add a new account.

  • This will vary by app but for the Microsoft App it is the '+' in the top right corner.
  • For Authy it is a tile on the main screen with '+ Add Account'.

Scan the QR code displayed on screen, this should recognise that the app is Hexiosec ASM and save it with that name. You can usually amend the name in the authenticator app if needed.

In Hexiosec ASM, enter the code displayed in the authenticator. You will also need to enter the name of the device that has the authenticator app, this is just to provide a reminder to you and does not affect the MFA token. Click on Save.

Text entry box for the one-time code and text entry box for the authenticator device name
Completing MFA set up


Your MFA is now set up! You can return to Hexiosec ASM from the link on the top right of the screen.

I can't scan the code

If you are unable to scan the QR code, you can set up MFA using a code, click on 'Unable to scan' which is underneath the QR code. In the authenticator app, you should have the option to scan a QR code or enter a code manually. Choose the manual code method and type in the code as shown in Hexiosec ASM. As with the QR code, complete step 3 by entering the one-time code and device name before clicking on Save.

Viewing MFA status for your Organisation

Organisation admins can review the MFA status for all users in their organisation by clicking on the three dots on the Scans page and selecting Users. The user list will show the MFA status for the users in your organisation.

User MFA status
User MFA status