M4 two factor authentication

From Kolmisoft Wiki
Revision as of 14:13, 11 May 2023 by Gilbertas

Description

Two-factor authentication (2FA) improves security by requiring an additional method (factor) for authentication. MOR supports two methods of two-factor authentication:

  • Sending verification code over email
  • Authenticator App, using time-based one-time password (TOTP)

Examples of apps that support the TOTP protocol:

  • Google Authenticator
  • Microsoft Authenticator
  • LastPass Authenticator


Configuration

Globally enabling 2FA

To configure 2FA, it must first be enabled globally in the Security section of MAINTENANCE->Settings.



To enable this setting, email must be globally enabled too.

Enabling for Users

Once 2FA is globally enabled, the Admin can enable or disable 2FA for specific Users on the User's Details Page.



Configuration from User's Account

If 2FA is enabled by the Admin for a User, this User can configure 2FA from the Personal details page.

When 2FA is enabled for the User, by default 2FA is set to Email. In this case, no additional configuration is needed.

To enable 2FA by Authenticator app, the User has to follow these steps:

  1. Set Authentication method: to Authenticator app
  2. Press the UPDATE button
  3. A new window will appear with the Authenticator app configuration. The User can scan the QR code or enter the key manually.


Once this is done, the account will be added to the Authenticator App and the App will show the code that must be entered into the Code section. Click the Submit button to verify the operation.

If the operation is successful, Authenticator App 2FA authentication will be enabled and the User will need to enter the code from the App on every login.

If the verification operation fails for some reason, on the next login the User will be authenticated using Email 2FA.
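
What the key and the code in the steps above are, shown as an added example (not Kolmisoft's code): a standard RFC 6238 TOTP generator and server-side verifier in Python. It assumes the common authenticator-app defaults (HMAC-SHA1, 6 digits, 30-second step) and the common otpauth:// Key URI layout for the QR code, neither of which this page states for M4; the key, issuer and account names are constructed sample values.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

# Constructed sample key: base32 of the RFC 6238 test secret "12345678901234567890".
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(key_b32, at, step=30, digits=6):
    """Code an authenticator app shows at Unix time `at` (RFC 6238, HMAC-SHA1)."""
    clean = key_b32.replace(" ", "").upper()          # keys are often typed in groups
    key = base64.b32decode(clean + "=" * (-len(clean) % 8))
    counter = struct.pack(">Q", int(at) // step)      # number of elapsed time steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key_b32, submitted, at, window=1, step=30):
    """Server-side check: accept the current step and `window` steps either side
    to tolerate clock drift. A production verifier should also rate-limit
    attempts and reject reuse of an already accepted time step."""
    ok = False
    for i in range(-window, window + 1):
        t = at + i * step
        if t >= 0:
            # constant-time comparison; no early exit on a match
            ok |= hmac.compare_digest(totp(key_b32, t, step), submitted)
    return ok

def provisioning_uri(key_b32, account, issuer):
    """otpauth:// URI commonly carried by an enrollment QR code (assumed layout)."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={key_b32}&issuer={quote(issuer)}"

if __name__ == "__main__":
    import time
    now = time.time()
    print(provisioning_uri(SAMPLE_KEY, "alice", "Example PBX"))  # hypothetical names
    code = totp(SAMPLE_KEY, now)
    print(code, verify(SAMPLE_KEY, code, now))
```

Because the code depends only on the shared key and the current time, a wrong clock on the phone or the server is the usual reason the Submit step fails; the `window` parameter is what absorbs small drift.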

Configuration for System Admin

Configuration is the same as for simple Users and is available from the Personal Menu under the Admin account.

The only difference is that Admin can disable/enable 2FA for his own account, while a simple User can only change the 2FA type if it is enabled by Admin for the User account.