2-factor authentication is the process in which an additional piece of information is requested and required, along with your username and password, to sign in to your account.
In this article, we review how to enable 2-factor authentication with the Twilio SMS Service. However, eFront supports two more methods of 2-factor authentication: email and Google Authenticator. These are not mutually exclusive. For portals hosted by Epignosis, Email and Google Authenticator verification methods are enabled by default, while Twilio authentication can be activated by the administrator. All three methods can operate simultaneously, allowing end users to choose their preferred option.
Twilio is a subscription-based SMS service that allows for easy 2-factor authentication. To set it up, you should first create a Twilio account. Before you proceed, keep in mind that to use this function, you’ll need to buy a new number with the capability to send SMS messages. If the SMS capability is not available in a user's country, then you can choose any country offering a number with SMS instead. For more information, please have a look at this Twilio's support article.
Note: To enforce 2-factor authentication for administrator users and users mapped to administrator roles in on-premise eFront installations, you must be running eFront version 7.8.0 or later. Add ENFORCE_2FA=true to your .env file and restart your web server for the change to take effect. |
To set up 2-factor authentication with Twilio:
- Visit Twilio and create a user account.
-
As soon as you sign in, you'll be redirected to your Twilio Dashboard (console). Save your ACCOUNT SID (1) and AUTH TOKEN (2) values for later use.
- Expand Phone numbers (3), click Manage (4), and select Buy a number (5).
-
From the list of available numbers, select your preferred one and click Buy (6) to confirm. Make sure to select a number with SMS capabilities.
- Sign in to your eFront portal as an Administrator.
-
Go to System settings (7) > Security (8) > 2-factor authentication (9).
- Set Using an SMS to Twilio (10).
- In the Service SID (11) box, add the value of ACCOUNT SID (1) saved from your Twilio page earlier.
- Similarly, use the value of AUTH TOKEN (2) in the Service Key (12) box.
-
Add the phone number you've purchased, without any spaces or dashes (for example, +1234567890) in the Service phone (13).
- Click Save to confirm your changes (14).
Once enabled, users can visit their profile page to activate 2-factor authentication. To do this, they should:
-
Navigate to your profile (1) and select Account settings (2).
-
Select Enable 2-factor authentication link (3).
- In the new window, the user needs to set the Authentication type to SMS (4).
-
Fill in their phone number (including the country code) in Phone number (5) and click Send verification code (6).
- Lastly, they need to enter the verification code they've received to complete the process.
The next time the user tries to sign in, they will be presented with an additional field to input the 6-digit code sent as an SMS to their phone number.