M4 two factor authentication
Description
Two-factor authentication (2FA) improves security by requiring an additional method (factor) for authentication. MOR supports two methods of two-factor authentication:
- Sending verification code over email
- Authenticator App, using time-based one-time password (TOTP)
Examples of apps that support the TOTP protocol:
- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
Configuration
Globally enabling 2FA
To configure 2FA, it must first be globally enabled in the MAINTENANCE->Settings Security section.
To enable this setting, email must be globally enabled too.
Enabling for Users
Once 2FA is globally enabled, Admin can Enable/Disable 2FA for specific Users in the User's Details Page.
Configuration from User's Account
If 2FA is enabled by Admin for User, this User can configure 2FA from the Personal details page:
When 2FA is enabled for the User, by default 2FA is set to Email. In this case, no additional configuration is needed.
To enable 2FA by Authenticator app, the User has to follow these steps:
- Set Authentication method: to Authenticator app
- Press the UPDATE button
- A new window will appear with the Authenticator app configuration. Users can scan the QR code or enter the key manually.
Once this is done, the account will be added to the Authenticator App and the App will show the code that must be entered into the Code section.
Click the Submit button to verify the operation.
If the operation is successful, Authenticator App 2FA authentication will be enabled and the User will need to enter the code from the App on every login.
If the verification operation fails for some reason, on the next login the User will be authenticated using Email 2FA.
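How the code shown by the Authenticator App relates to the key from the configuration window, as an added example that is not M4 code: a TOTP (RFC 6238) generator and a server-side check with a small clock-drift window and replay rejection. It assumes the common authenticator defaults (HMAC-SHA1, 6 digits, 30-second step), which this page does not state for M4; the key is the RFC test key and all function names are hypothetical.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds a code stays valid (assumed default, not stated by the page)
DIGITS = 6   # code length (assumed default)

def decode_key(key_b32: str) -> bytes:
    """Decode a manually entered key; apps display it in spaced base32 groups."""
    cleaned = key_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    return base64.b32decode(cleaned)

def totp(key: bytes, at: float) -> str:
    """Code the app shows at Unix time `at` (RFC 6238 over RFC 4226 HOTP)."""
    counter = int(at) // STEP
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(key: bytes, submitted: str, at: float,
           drift_steps: int = 1, last_counter: int = -1):
    """Return the time-step counter that matched, or None.

    drift_steps tolerates clock skew between phone and server.
    last_counter is the counter of the last accepted code for this user;
    anything at or before it is refused so a code cannot be replayed.
    """
    submitted = submitted.strip().replace(" ", "")
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(at) // STEP
    for counter in range(max(current - drift_steps, 0), current + drift_steps + 1):
        if counter <= last_counter:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(key, counter * STEP), submitted):
            return counter
    return None

if __name__ == "__main__":
    # Constructed sample: RFC 6238 test key as a user would type it in.
    key = decode_key("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    code = totp(key, 59)
    print(code, verify(key, code, 59), verify(key, code, 59, last_counter=1))
```

The server should store the returned counter per user and pass it back as last_counter on the next login, and should rate-limit failed attempts, since a 6-digit code has only a million possible values.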
Configuration for System Admin
Configuration is the same as for simple Users and is available from Personal Menu under the Admin account.
The only difference is that Admin can disable/enable 2FA for his own account, while a simple User can only change the 2FA type if it is enabled by Admin for the User account.