MOR two factor authentication

From Kolmisoft Wiki

Description

Two-factor authentication (2FA) improves security by requiring an additional method (factor) of authentication. MOR supports two methods of two-factor authentication:

  • Sending verification code over email
  • Authenticator App, using time-based one-time password (TOTP)

Examples of apps that support TOTP protocol:

  • Google Authenticator
  • Microsoft Authenticator
  • LastPass Authenticator


Configuration

Globally enabling 2FA

To configure 2FA, it must first be enabled globally in SETTINGS -> Setup -> Settings -> Security tab.



To enable this setting, email must be globally enabled too.

Enabling for Users

Once 2FA is globally enabled, Admin can Enable/Disable 2FA for specific Users in the User's Details Page.



Configuration from User's Account

If 2FA is enabled by Admin for User, this User can configure 2FA from the PERSONAL MENU -> Personal Menu page.



When 2FA is enabled for the User, by default 2FA is set to Email. In this case, no additional configuration is needed.

To enable 2FA by Authenticator app, the User has to follow these steps:

  • Set Authentication method: to Authenticator app
  • Press the CHANGE button
  • A new window will appear where the User can scan the QR code or enter the key manually.




  • Open the Authenticator App (Google Authenticator, Microsoft Authenticator, etc.) and scan the QR code. If you are unable to scan the QR code, enter the key manually in the App.
  • The account will be added to your Authenticator App, and the App will generate the code that must be entered into the Code section.
  • Click the Submit button to verify the operation.

If the operation is successful, Authenticator App 2FA authentication will be enabled and the User will need to enter the code from the App (this code changes every few seconds) on every login.
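As an added illustration (not MOR's own code), the example below shows how an Authenticator App derives the code from the key behind the QR code and how a server can check a submitted code, following RFC 6238. The 30-second period, 6 digits, HMAC-SHA1, the one-period drift window and the replay check are assumptions, and `SAMPLE_KEY` is the constructed RFC 6238 test secret, not a MOR value.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample key: base32 of the RFC 6238 test secret "12345678901234567890".
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def decode_key(b32_key: str) -> bytes:
    """Decode a manually typed key: base32, tolerating spaces, case and missing padding."""
    cleaned = b32_key.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(b32_key: str, now: float, period: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of whole periods since the epoch."""
    return hotp(decode_key(b32_key), int(now) // period, digits)


def verify(b32_key, submitted, now, last_used_step=-1, period=30, drift=1):
    """Return the matching time step, or None.

    Accepts codes within +/- `drift` periods to absorb clock skew and refuses
    any step at or before `last_used_step`, so a code cannot be replayed.
    """
    key = decode_key(b32_key)
    current = int(now) // period
    for step in range(max(0, current - drift), current + drift + 1):
        if step <= last_used_step:
            continue
        expected = hotp(key, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    print(totp(SAMPLE_KEY, 59))
    print(verify(SAMPLE_KEY, "287082", 59))
```

A caller stores the returned step as `last_used_step` for that account so the same code is rejected if it is submitted again within its validity window.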

If the verification operation fails for some reason (the User is unable to add the key to the App, closes the browser window, etc.), on the next login the User will be authenticated using Email 2FA.

Configuration for System Admin

Configuration is almost the same as for a simple User and is available from PERSONAL MENU -> Personal Menu under the Admin account.

The only difference is that the Admin can disable/enable 2FA for his own account, while a simple User can only change the 2FA type, and only if 2FA is enabled by the Admin for that User account.