Introduction

The customer portal has been developed in line with GOV.UK GDS (Government Digital Service) guidelines, ensuring a user-friendly, accessible, and secure experience for both residents and council administrators.

About this guide

This guide provides a summary of key points for the Multi-Factor Authentication (MFA) Implementation for the customer portal. It outlines the main functional points and costs for customer’s using the portal either logging into directly to the customer portal or via a Form short URL.

To strengthen system security and safeguard sensitive information, Multi-Factor Authentication (MFA) has been activated for the portal. MFA enhances account protection by requiring users to verify their identity through multiple methods beyond just a password. These methods may include:

• Verification via email or mobile device
• Biometric authentication
• Use of an authentication application

Benefits of MFA

Using MFA has the following benefits:

• Prevents unauthorized access, even if login credentials are compromised
• Reduces the risk of phishing and other cyber threats
• Supports compliance with industry regulations and security standards

By introducing MFA, we aim to protect both individual customer accounts and the overall integrity of our platform.

Verification for any customer login will be via email or mobile device, and details will be taken from the email and default telephone number for the account in question.

MFA Options - Customers without registered telephone number

When logging into the customer portal, customers without a registered telephone number will only have access to the email address authentication method, which delivers a verification code via email to their default email address that must be entered to complete the login process.

MFA Options - Customers with registered telephone number

When logging into the portal, customers with a registered telephone number will have access to the following MFA options:

• Email
• Phone Call
• Text Message (SMS)

Each method delivers a verification code that must be entered to complete the login

process:

• SMS: £0.09 per message
• Phone Call: £0.07 per call

These charges reflect the costs incurred from external providers in providing these services. The email option is free of charge. Customers without a phone number on their account will only be able to use the email option, which remains non-chargeable.

 Usage-Based Charges: Costs will apply from the moment the portal is first accessed.

 Billing Cycle: Charges will be invoiced on a quarterly basis.

 Third-Party Cost Adjustments: Fees may be subject to change in line with any increases from third-party service providers.

Note: The MCS Platform currently utilizes external providers for SMS and call services.

MFA Continuity: Multi-Factor Authentication (MFA) will remain in use on the portal until the portal is either decommissioned or alternative authentication methods are introduced.

Guest Access and Third-Party Logins

Customers signing in through the authority’s guest account will not be subject to MFA.

Users may also log in using existing Google or Facebook accounts, which operate

independently of the MFA system.