Securing Your FOCUS Application
Learn what authentication and authorization mean for securing your FOCUS application. Also watch, step by step, how to set up MFA.
What is Authentication?
When you try to use an app, authentication answers this question:
“Are you really the person you say you are?”
Think of an app like a locked house:
- You → the user
- Password or code → the key
- Door unlocking → successful authentication
Common ways apps authenticate users
- Username and password – the most familiar method
- One-time codes (OTP) – sent by text/email or generated by an app
- Biometrics – fingerprint or face recognition
- Sign in with Google/Microsoft/Apple – another trusted service confirms who you are
- Tokens or keys (for apps talking to other apps) – secret digital credentials
FOCUS supports modern authentication methods, including username/password with strong password policies, multi-factor authentication (MFA), and integration with Microsoft Entra for enterprise identity management.
We use secure credential handling and avoid storing sensitive credentials in application code or configuration files.
What is MFA?
Multi-factor authentication works by requiring two or more of the following authentication methods:
- Something you know, typically a password.
- Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key.
- Something you are, such as biometrics like a fingerprint or face scan.
Authorization
Once an app knows who you are (authentication), authorization answers this question:
“What can this user access or perform?”
Think of an office building:
- Authentication → showing your ID to enter the building
- Authorization → which rooms your badge lets you enter
How apps do authorization
Apps usually base authorization on:
- Roles (admin, user, manager)
- Permissions (read, write, delete)
- Rules (time, location, ownership)
You might get inside, but only authorized people can access certain offices.
FOCUS enforces role-based access control (RBAC) at both the application and data layers. Permissions are explicitly defined and agencies should review them under Administration > Roles to ensure users only have access required for their job functions. Administrative privileges are limited and audited.
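The three inputs listed above (roles, permissions, rules) combined into one deny-by-default access decision. This is an added illustration, not FOCUS code; the role-to-permission map, the hours and location policy, and every name in it are assumptions.

```python
from dataclasses import dataclass
from datetime import time

# Assumed mapping, built from the role and permission names listed above.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "manager": {"read", "write"},
    "user": {"read"},
}
PERMITTED_HOURS = (time(7, 0), time(19, 0))  # assumed time rule
TRUSTED_LOCATIONS = {"office", "vpn"}        # assumed location rule


@dataclass(frozen=True)
class Request:
    user_id: str
    roles: tuple      # roles assigned to the authenticated user
    action: str       # "read", "write" or "delete"
    owner_id: str     # owner of the record being accessed
    at: time          # local time of the request
    location: str     # where the request comes from


def authorize(req):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    granted = set()
    for role in req.roles:
        # A role missing from the map grants nothing (no implicit access).
        granted |= ROLE_PERMISSIONS.get(role, set())
    if req.action not in granted:
        return False, "role lacks permission"

    # Rules only narrow what the roles granted; they never widen it.
    if req.action in {"write", "delete"}:
        if req.location not in TRUSTED_LOCATIONS:
            return False, "untrusted location"
        if not PERMITTED_HOURS[0] <= req.at <= PERMITTED_HOURS[1]:
            return False, "outside permitted hours"
        # Ownership rule: non-admins may change only their own records.
        if "admin" not in req.roles and req.owner_id != req.user_id:
            return False, "not record owner"
    return True, "ok"
```

Returning the reason alongside the decision gives the audit log something to record for each denial.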
How to set up multi-factor authentication.
