Two Factor Authentication


Two-factor Authentication (2FA) provides an extra layer of security for your Support Reps by mandating an additional mode of authentication along with regular passwords. Two-Factor Authentication is applicable only for support reps.

 

Role required: SDAdmin, SDOrgAdmin (for multiple portal setups).

Supported Additional Authentication Modes

Email verification: Support Reps will be required to verify an authentication code received via email.

Google Authenticator: Support Reps will be required to verify a time-based OTP (TOTP) generated by the Google Authenticator app.

 

SDAdmin or SDOrgAdmin can enable/disable any or all of the supported additional authentication modes.

 

Once enabled, the support reps have to enroll for the additional authentication mode during their first-time login. To learn more about enrollment, click here.

Configuring Two-Factor Authentication   

  1. Go to Admin>>General Settings>>Two Factor Authentication.

  2. Use the toggle button to enable two-factor authentication.

  3. Under Settings, enable/disable backup codes using the toggle and do one or both of the following.

    • Enabling Email verification

      The outgoing mail server must be configured for email verification mode. To learn more about mail server configuration, click here.
      1. Click Email verification to expand the section and then use the toggle to enable the mode.

      2. Finally, click Save.

      3. Compose the email template to be used for sending the verification code with the appropriate subject and message body. Use the variable $secretCode in the message body. This variable is replaced with a unique code each time the email is sent to the Support Reps.

    • Enabling Google Authenticator  

      • Click Google Authenticator to expand the section.

      • Use the toggle to enable the mode.



  • In email verification mode, the $secretCode variable is mandatory to generate the verification code.

  • Backup codes can be enabled only when one of the authentication modes is enabled.

  • Enabling backup verification codes allows Support Reps to view, download, or generate codes that can be used as an alternative to any of the authentication modes. To know more, click here.

  • The History tab records the changes made such as changing modes, modifying the email message, enabling/disabling modes, etc.

  • On enabling email verification mode, ensure that you have disabled OTP login via email to avoid redundant verifications via email. 

Two-factor authentication for Admin Configurations   

Enabling this option prompts the admin to authenticate themselves while modifying security settings under Admin > General Settings > Security Settings.
 
Two-factor authentication for admin configurations can be enabled for general/advanced security settings and password policy.
 

The preferred authentication method must be selected first to enable two-factor authentication for user logins.  
 
Once enabled, the admin has to enroll for two-factor authentication during their first-time login.
 
Enable TFA Trust to establish a time frame during which the admin can modify the security settings without the need for re-authentication.


Enrolling for Two-Factor Authentication (for Support Reps)

On enabling two-factor authentication, Support Reps logging into the application must enroll themselves by following the steps given here.

 

Support Reps configured with a valid email address will be auto-enrolled and can skip this step.

Enrolling for email verification mode

 

  1. Go to the login page, and provide the username and password.

  2. In the enrollment form, choose Email Verification and click Next.


  3. Enter your email address and click Send code.


  4. Enter the verification code as received in your email to log in to the application.

Enrolling for Google Authenticator mode

 

  1. Go to the login page, and provide your username and password.

  2. In the enrollment form, choose Google Authenticator and click Next.

  3. Using your Google Authenticator mobile app (Android/iOS), scan the QR code.



    Alternatively, click the click here link below the QR code to obtain the secret key, and enter it in your Google Authenticator app.


  4. Now, enter the time-based OTP from the Google Authenticator app into the textbox and click Verify code to log in to the application.
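What the secret key and the time-based OTP in the steps above are, as an added example that is not the product's own code: it implements RFC 6238 TOTP with the Google Authenticator defaults (HMAC-SHA1, 30-second step, 6 digits), builds the otpauth:// Key URI that an enrollment QR code carries, and verifies a submitted code. The key is the RFC 6238 test key; the function names, the account and issuer labels, the one-step drift tolerance and the replay check are assumptions of this example, not documented product behavior.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

# RFC 6238 test key ("12345678901234567890") in Base32, the encoding
# Google Authenticator accepts for manually entered keys. Constructed sample.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(b32):
    """Accept the key as users type it: spaces, lower case, missing padding."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at, step=30):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(decode_secret(secret_b32), int(at) // step)

def provisioning_uri(secret_b32, account, issuer):
    """Key URI that an enrollment QR code encodes for authenticator apps."""
    return "otpauth://totp/{}:{}?secret={}&issuer={}".format(
        quote(issuer), quote(account), secret_b32, quote(issuer))

def verify(secret_b32, submitted, at, last_used=-1, window=1, step=30):
    """Return the matched step counter, or None if the code is rejected.
    window tolerates clock drift; last_used blocks replay of an accepted code."""
    key = decode_secret(secret_b32)
    now = int(at) // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_used:
            continue  # this step was already accepted once
        if hmac.compare_digest(hotp(key, counter).encode(), submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    import time
    # Hypothetical labels; a real deployment would use its own issuer name.
    print(provisioning_uri(SECRET, "rep@example.com", "ExampleDesk"))
    print("current code:", totp(SECRET, time.time()))
```

Because the code depends only on the shared key and the clock, a phone whose time is off by more than the tolerated window produces codes that fail verification, which is one case where backup codes are needed.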


You can check Trust this browser to avoid the second verification for a period of 180 days.

 

If you have trouble verifying with any of the modes, you can use backup codes.  

 

You can manage trusted browsers, modify mode, view, download, or generate backup codes from the user panel. Click here to learn more.


Managing Enrolled Support Reps   

You can manage Support Reps who have enrolled for two-factor authentication under the Enrolled User tab. Here you can view details such as username, domain name, and authentication type, or delete user enrollment.

  • To access it, go to Admin>>General Settings>>Two Factor Authentication.

  • To delete user enrollment, select one or more Support Reps and click Delete.

 

 

