2-factor authentication is the process in which an additional piece of information is requested and required, along with your username and password, to sign in to your account.
In this article, we review how to enable 2-factor authentication via email. However, eFront supports two more methods of 2-factor authentication: Google Authenticator and SMS-based authentication. These are not mutually exclusive. For portals hosted by Epignosis, Email and Google Authenticator verification methods are enabled by default, while Twilio authentication can be activated by the administrator. All three methods can operate simultaneously, allowing end users to choose their preferred option.
Note: To enforce 2-factor authentication for administrator users and users mapped to administrator roles in on-premise eFront installations, you must be running eFront version 7.8.0 or later. Add ENFORCE_2FA=true to your .env file and restart your web server for the change to take effect. |
To set up 2-factor authentication via email (on-premise installations):
-
Sign in to your portal as an Administrator and go to System settings (1).
-
Then go to Security (2) > 2-factor authentication (3). Set Using email to Enabled (4).
- Click Save (5) to confirm your changes.
After enabling 2-factor authentication via email, users can visit their profile page to activate 2-factor authentication. To do this, they should:
-
Navigate to your icon profile (1) and select Account settings (2).
-
Select Enable 2-factor authentication link (3).
-
In the new window, the user needs to set the Authentication type to Email (4), and click on Send verification code (5). Add the verification code received to the Code (6), and click on Activate (7).
The next time the user tries to sign in, they will be presented with an additional field to input the 6-digit code sent to their inbox.