To adhere to Payment Card Industry (PCI) version 3.2 standards, Multi-Factor Authentication (MFA) has been added to enhance EMC access security. When MFA is enabled, upon logging into the EMC, you are required to enter a temporary One-Time Password (OTP) that is emailed to you. OTPs are valid for one single entry for the individual attempting to log onto the EMC at that time. One-Time Passwords are only valid for five minutes after they are generated by the system. MFA can be enabled during a Simphony installation or upgrade, or after an installation is completed, using the EMC.
Prerequisites
To utilize this functionality, the following requirements must be met:
For MFA implementation, you must install and make network accessible, two separate Simple Mail Transfer Protocol (SMTP) email servers (each to be designated as either a Primary or Backup server). This allows users to receive their OTP via email, each time they attempt to log onto the EMC. An SMTP Backup server is required to provide EMC access redundancy in the event that the Primary SMTP server fails for any reason.
Each employee using the EMC or Simphony Web Portal (SWP) must have a valid email address configured in their employee record
The Oracle Hospitality Simphony Installation Guide and the Oracle Hospitality Simphony PA-DSS Implementation Guide contain more information about Multi-Factor Authentication.