2-factor authentication is a sign-in process in which an additional piece of information is required, along with your username and password, in order to sign in to your account.
eFront supports two methods of 2-factor authentication: Google Authenticator and SMS-based. These are not mutually exclusive. They can run side by side and, if both services are activated by the administrator, the end user will be able to select their preferred one.
Setting up 2-factor Authentication using Google Authenticator
To use Google Authenticator, download the app to your smartphone or tablet.
To set up Google Authenticator:
- Sign in to your platform as an administrator.
- Go to System settings -> Security (1).
- Go to the 2-factor Authentication (2) tab and tick Enable 2-factor authentication (3).
- From the Using a QR code service (4) drop-down, select Google Authenticator.
- Click Save.
Once enabled, users can visit their profile page to activate 2-factor authentication. To do this, they should:
- Go to My account (5).
- Go to the Profile (6) tab.
- Click the Enable 2-factor authentication link next to the password field.
- The screen that appears displays a QR code. The user should now open the Google Authenticator app on their mobile device, and use the account setup option to scan the QR code.
- Once scanned, the app will display a 6-digit code that the user must put in the respective field (7) and click Activate.
Now, the next time the user tries to sign in, they will be presented with an additional field to input the 6-digit code displayed on their mobile device.
Setting up 2-factor Authentication using the Twilio SMS Service
Twilio is a subscription-based SMS service that allows for easy 2-factor authentication. In order to set it up, you should first set up a Twilio account.
- Visit https://www.twilio.com/ and create a user account.
- Click Phone numbers in your console and click Get your first Twilio phone number.
- From the list of available numbers, select your preferred one and click buy to confirm.
Note: You have to buy a new number with the capability to send SMS messages. If the SMS capability is not available in a user's country, then you can choose any country offering a number with SMS instead. For more information, see Twilio's support article.
- As soon as you're done, click on the Show API credentials link. This will pull down the API credentials for your number. Copy the 'ACCOUNT SID' and 'AUTH TOKEN' values.
- Go back to eFront and sign in as an admin.
- Go to System settings > Security.
- Go to the 2-factor authentication tab.
- Tick the Enable 2-factor authentication option.
- On the Using an SMS (1) drop-down, select Twilio and fill in the required information (2).
- In the Service SID input box, enter the value of the 'ACCOUNT SID' you copied from your Twilio page.
- Similarly, use the value of 'AUTH TOKEN' in the Service Key input box.
- Use the phone number you purchased, without any spaces or dashes (for example, +1234567890).
- Click Save.
Once enabled, users can visit their profile page to activate 2-factor authentication. To do this, they should:
- Go to My account (3).
- Go to the Profile (4) tab.
- Click the Enable 2-factor authentication link next to the password field.
- Fill in the phone number (including the country code) and click Send verification code.
- Enter the verification number you received.
Now, the next time the user tries to sign in, they will be presented with an additional field to input the 6-digit code displayed on their mobile device.