Security

How to enable 2-factor authentication

2-factor authentication refers to the process where an additional piece of information (called 'a factor'), is alongside your username and password and is required in order to sign into your account.

eFront supports 2 methods for 2-factor authentication: Google-Authenticator and SMS-based. These services are not mutually exclusive, meaning that they can run side-by-side and the end-user will be able to select his/her preferred one.

Setting up 2-factor Authentication using Google Authenticator

Google Authenticator is a mobile application created by Google, that enables sites and users to use 2-factor authentication. You should download the app to your smartphone or tablet in order to use it.

In order to set up Google Authenticator, you should sign in to your platform as administrator, and go to 'System settings' -> 'Security'. Click on the '2-factor authentication' to have the respective settings appear. From the 'Using a QR code service' drop-down, select 'Google Authenticator'. Click on 'save'.

2faAA.png

Once enabled, users may visit their profile page to activate 2-factor authentication. To do this, they should click on the “Enable 2-factor authentication” link next to the password field:

2faB.png

A click on this link will bring up the 2-factor setup screen, which displays a QR code. The user should now fire up the Google Authenticator app on their mobile device, and use the 'account setup' option to scan the QR code. Once scanned, the app will display a 6-digit code that the user should input to the respective field and click on 'submit'.

Now, the next time the user tries to sign in, he/she will be presented with an additional field to input the 6-digit code displayed on their mobile device.

Setting up 2-factor Authentication using the Twilio SMS Service

Twilio is a subscription-based SMS service that allows for easy implementation of 2-factor authentication. In order to set it up, you should first acquire a Twilio account.

  • Visit https://www.twilio.com/ and create a user account
  • Click on the “Products” option in the top navigation bar, and then on 'Phone numbers'

 

  • Click on 'Buy number' in the top right corner. Search for a number to buy, capable of SMS service.

  • From the list of available numbers, select your preferred one and click on 'buy'
  • Once you buy it, you will be prompted to set up the number. This is optional. As soon as you're done, click on the 'Getting started' link on the left side of the navigation bar and then at 'Show API credentials'. This will pull down the API credentials for your number. Copy the 'ACCOUNT SID' and 'AUTH TOKEN' values.

  • At your eFront platform, sign in as administrator and go to System settings→Security
  • Click on the “Enable 2-factor authentication” to have the respective settings appear. From the “Using an SMS” drop-down, select “Twilio” (1) and fill in the required information (2).

2fa12.png

  • At the 'Service SID' input box, enter the value of the 'ACCOUNT SID' you copied from your Twilio page.
  • Similarly, use the value of 'AUTH TOKEN' for 'Service Key'
  • Use the phone number you purchased, without any spaces or dashes (for example, +1234567890)
  • Click on 'Save'

Once enabled, users may visit their profile page to activate 2-factor authentication. To do this, they should click on the 'Enable 2-factor authentication' link next to the password field.

Now, the next time the user tries to sign in, he/she will be presented with an additional field to input the 6-digit code displayed on their mobile device.

Related articles