Difference between revisions of "Multi-Factor Authentication"

From SmartWiki
Jump to: navigation, search
(Configuring a Role to Use Two-Factor Authentication)
Line 1: Line 1:
 
__TOC__
 
__TOC__
  
When using two-factor authentication, each user is provided with a small, easy-to-use, single-button device for remote use.
+
When using two-factor authentication, each new user can use Google Authenticator to obtain one-time passwords, calculated from algorithms which are time and/or event-based.
 
 
[[Image:Vascotoken.jpg|link=]]
 
 
 
These devices support strong authentication with one-time passwords, calculated from algorithms which are time and/or event-based.
 
  
 
==Definition of "Two-Factor Authentication"==
 
==Definition of "Two-Factor Authentication"==
Line 17: Line 13:
 
* Two-Factor Authentication is configured by [[User Role]].  
 
* Two-Factor Authentication is configured by [[User Role]].  
 
* '''''For roles that have this feature enabled, the use of Two-Factor Authentication becomes mandatory.'''''
 
* '''''For roles that have this feature enabled, the use of Two-Factor Authentication becomes mandatory.'''''
* Therefore, when enabling this feature, be sure that all users in this Role have possession of the Vasco tokens. To procure the security tokens, please contact your account manager or [[How the SmartSimple Support Desk Works|SmartSimple Support]].
 
  
 
# Click on [[Roles & Permissions]] (located on the [[Configuration Menu]] on the left-hand navigation bar)
 
# Click on [[Roles & Permissions]] (located on the [[Configuration Menu]] on the left-hand navigation bar)
 
# Click on the hyperlink for User Roles
 
# Click on the hyperlink for User Roles
 
# Click the ''Edit'' button next to the role for which you wish to add Two-Factor Authentication
 
# Click the ''Edit'' button next to the role for which you wish to add Two-Factor Authentication
# Select the ''Requires Secure Token'' setting.
+
# Click on the drop-down for the Tow Factor Authentication option. There are a number of options exposed:
 +
::# None
 +
::# Time-based One-time Password (TOTP)
 +
::# RSA Disconnected Token  
 
# Hit Save.
 
# Hit Save.
 +
# Use Send Password button on user profile to send them an email with Activation link.
  
 
[[Image:EnableTwoFactor.png|link=]]
 
[[Image:EnableTwoFactor.png|link=]]
  
When this setting is enabled, all users in this role will be prompted to enter the one-time code generated by their Vasco security token after entering their user name and password. <br />
+
When the user receives the new password then they navigate to the activation screen.
 +
 
 +
If this is the first time the user has had a code generated then the screen should include a '''QR Code''' that can be scanned using Google Authenticator.
 +
 
 +
If the user has an existing QA Code then the user can click a button to generate a new code and re-sync or can proceed to the login page.
 +
 
 +
Users will then be prompted to enter the one-time code after entering their user name and password. <br />
 
[[Image:Prompt.png|link=]]
 
[[Image:Prompt.png|link=]]
  

Revision as of 14:24, 18 April 2017

When using two-factor authentication, each new user can use Google Authenticator to obtain one-time passwords, calculated from algorithms which are time and/or event-based.

Definition of "Two-Factor Authentication"

Most websites where one can login require a username and password. While a username and a password are two different things they are both "known" by the individual logging in. In short, this means that anyone who knows the username and password can login, thus there is very little that can be done to identify that the individual logging in is actually the individual who owns the account.

Enter factor two. The second factor can be something that someone has or some unique property of that person. The former could refer to an access card and the latter would refer to a fingerprint.

As you can see, one may lose an access card or get duped into sharing a password, but the odds of both happening are greatly reduced. Using Two-Factor Authentication enhances an organization's ability to ensure that no one is using illegitimate means to gain access.

Configuring a Role to Use Two-Factor Authentication

  • Two-Factor Authentication is configured by User Role.
  • For roles that have this feature enabled, the use of Two-Factor Authentication becomes mandatory.
  1. Click on Roles & Permissions (located on the Configuration Menu on the left-hand navigation bar)
  2. Click on the hyperlink for User Roles
  3. Click the Edit button next to the role for which you wish to add Two-Factor Authentication
  4. Click on the drop-down for the Tow Factor Authentication option. There are a number of options exposed:
  1. None
  2. Time-based One-time Password (TOTP)
  3. RSA Disconnected Token
  1. Hit Save.
  2. Use Send Password button on user profile to send them an email with Activation link.

EnableTwoFactor.png

When the user receives the new password then they navigate to the activation screen.

If this is the first time the user has had a code generated then the screen should include a QR Code that can be scanned using Google Authenticator.

If the user has an existing QA Code then the user can click a button to generate a new code and re-sync or can proceed to the login page.

Users will then be prompted to enter the one-time code after entering their user name and password.
Prompt.png

SmartSimple's Partner for Two-Factor Authentication

SmartSimple uses Vasco’s DIGIPASS as a Service, which is VASCO’s cloud based, managed authentication service that makes use of VASCO’s proprietary authentication technology.

VASCO Data Security has been recognized as a leader in User Authentication by the 2013 Gartner Magic Quadrant.

Customer satisfaction, a wide range of authentication methods, and strong footing in the enterprise user authentication market were factors that cemented VASCO's placement in the Gartner's Leaders quadrant

See Also