MOR two factor authentication
Description
Two-factor authentication (2FA) improves security by requiring an additional method (factor) for authentication. MOR supports two methods of two-factor authentication:
- Sending verification code over email
- Authenticator App, using time-based one-time password (TOTP)
Examples of apps that support the TOTP protocol:
- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
Configuration
Globally enabling 2FA
To configure 2FA, it must first be globally enabled in SETTINGS -> Setup -> Settings, Security tab.
To enable this setting, email must also be globally enabled.
Enabling for Users
Once 2FA is globally enabled, the Admin can enable or disable 2FA for specific Users on the User's Details page.
Configuration from User's Account
If the Admin has enabled 2FA for a User, that User can configure 2FA from the PERSONAL MENU -> Personal Menu page.
When 2FA is enabled for the User, by default 2FA is set to Email. In this case, no additional configuration is needed.
To enable 2FA by Authenticator app, the User has to follow these steps:
- Set Authentication method: to Authenticator app
- Press the CHANGE button
- A new window will appear where the User can scan the QR code or enter the key manually.
- Open the Authenticator App (Google Authenticator, Microsoft Authenticator, etc.) and scan the QR code. If you are unable to scan the QR code, enter the key manually in the App.
- The account will be added to your Authenticator App and the App will generate the code that must be entered into the Code section.
- Click the Submit button to verify the operation.
If the operation is successful, Authenticator App 2FA authentication will be enabled and the User will need to enter the code from the App (this code changes every few seconds) on every login.
If the verification operation fails for some reason (the User is unable to add the key to the App, closes the browser window, etc.), on the next login the User will be authenticated using Email 2FA.
Configuration for System Admin
Configuration is almost the same as for a simple User and is available from PERSONAL MENU -> Personal Menu under the Admin account.
The only difference is that the Admin can disable or enable 2FA for their own account, while a simple User can only change the 2FA type if the Admin has enabled 2FA for that User's account.