Security

How to enable 2-factor authentication

2-factor authentication refers to the process where an additional piece of information (called 'a factor'), is requested alongside your username and password, and is required in order to sign into your account.

eFront supports the two methods of 2-factor authentication shown below: Google-Authenticator and SMS-based. These services are not mutually exclusive, meaning that they can run side-by-side and, if both services are activated by the administrator, the end-user will be able to select his/her preferred one.

Setting up 2-factor Authentication using Google Authenticator

Google Authenticator is a mobile application created by Google, that enables sites and users to use 2-factor authentication. You should download the app to your smartphone or tablet in order to use it.

In order to set up Google Authenticator, you should sign in to your platform as an administrator, and go to 'System settings' -> 'Security'.

Click on the '2-factor authentication' to have the respective settings appear. From the 'Using a QR code service' drop-down, select 'Google Authenticator'. Click on 'save'.

2faAA.png

Once enabled, users may visit their profile page to activate 2-factor authentication. To do this, they should click on the “Enable 2-factor authentication” link next to the password field:

2faB.png

A click on this link will bring up the 2-factor setup screen, which displays a QR code. The user should now fire up the Google Authenticator app on their mobile device, and use the 'account setup' option to scan the QR code. 

2019-07-06_12-34-48.png

With the smartphone and using the Google Authenticator app, the user should:

  • Press the + button on the upper right end of the screen
  • Select "Scan barcode"
  • Point the smartphone camera at the barcode on your computer's screen

If done correctly, this process ensures that a user's eFront account is securely paired with the 2FA authentication system. Once scanned, the app will display a 6-digit code that the user should input to the respective field and click on 'Submit'.

Now, the next time the user tries to sign in, he/she will be presented with an additional field to input the 6-digit code displayed on their mobile device.

Setting up 2-factor Authentication using the Twilio SMS Service

Twilio is a subscription-based SMS service that allows for easy implementation of 2-factor authentication. In order to set it up, you should first acquire a Twilio account.

2019-07-06_12-39-41.png

  • Click on 'Phone numbers' in your console and click on the button 'Get your first Twilio phone number'

2019-07-06_12-40-39.png

  • From the list of available numbers, select your preferred one and click on 'buy' to confirm

Note: You have to buy a new number with the capability to send SMS messages. If the SMS capability is not available in a user's country then any country offering a number with SMS availability can be chosen instead. For information on this please have a look at this Twilio's support article.

  • As soon as you're done, click on the 'Show API credentials' link. This will pull down the API credentials for your number. Copy the 'ACCOUNT SID' and 'AUTH TOKEN' values
  • Go back to eFront and sign in as an admin
  • In your eFront portal, sign in as administrator and go to System settings→Security
  • Click on the “Enable 2-factor authentication” to have the respective settings appear. From the “Using an SMS” drop-down, select “Twilio” (1) and fill in the required information (2)

2fa12.png

  • At the 'Service SID' input box, enter the value of the 'ACCOUNT SID' you copied from your Twilio page
  • Similarly, use the value of 'AUTH TOKEN' for 'Service Key'
  • Use the phone number you purchased, without any spaces or dashes (for example, +1234567890)
  • Click on 'Save'

Once enabled, users may visit their profile page to activate 2-factor authentication. To do this, they should click on the 'Enable 2-factor authentication' link next to the password field.  Users have to fill in their phone number (including the country code) and click on "Send verification code", then enter the verification number received.

2019-07-06_12-41-30.png

Now, the next time the user tries to sign in, he/she will be presented with an additional field to input the 6-digit code displayed on their mobile device.

Related articles