Difference between revisions of "Multi-Factor Authentication"

From SmartWiki
Jump to: navigation, search
Line 24: Line 24:
 
# Use Send Password button on user profile to send them an email with Activation link.  
 
# Use Send Password button on user profile to send them an email with Activation link.  
  
[[Image:EnableTwoFactor.png|link=]]
+
[[Image:EnableTwoFactor1.png|link=]]
  
 
When the user receives the new password then they navigate to the activation screen.  
 
When the user receives the new password then they navigate to the activation screen.  
  
 
If this is the first time the user has had a code generated then the screen should include a '''QR Code''' that can be scanned using Google Authenticator.  
 
If this is the first time the user has had a code generated then the screen should include a '''QR Code''' that can be scanned using Google Authenticator.  
 +
[[Image:EnableTwoFactor2.png|link=]]
  
 
If the user has an existing QA Code then the user can click a button to generate a new code and re-sync or can proceed to the login page.  
 
If the user has an existing QA Code then the user can click a button to generate a new code and re-sync or can proceed to the login page.  
  
 
Users will then be prompted to enter the one-time code after entering their user name and password. <br />
 
Users will then be prompted to enter the one-time code after entering their user name and password. <br />
[[Image:Prompt.png|link=]]
+
[[Image:EnableTwoFactor3.png|link=]]
  
 
==SmartSimple's Partner for Two-Factor Authentication==
 
==SmartSimple's Partner for Two-Factor Authentication==

Revision as of 14:31, 18 April 2017

When using two-factor authentication, each new user can use Google Authenticator to obtain one-time passwords, calculated from algorithms which are time and/or event-based.

Definition of "Two-Factor Authentication"

Most websites where one can login require a username and password. While a username and a password are two different things they are both "known" by the individual logging in. In short, this means that anyone who knows the username and password can login, thus there is very little that can be done to identify that the individual logging in is actually the individual who owns the account.

Enter factor two. The second factor can be something that someone has or some unique property of that person. The former could refer to an access card and the latter would refer to a fingerprint.

As you can see, one may lose an access card or get duped into sharing a password, but the odds of both happening are greatly reduced. Using Two-Factor Authentication enhances an organization's ability to ensure that no one is using illegitimate means to gain access.

Configuring a Role to Use Two-Factor Authentication

  • Two-Factor Authentication is configured by User Role.
  • For roles that have this feature enabled, the use of Two-Factor Authentication becomes mandatory.
  1. Click on Roles & Permissions (located on the Configuration Menu on the left-hand navigation bar)
  2. Click on the hyperlink for User Roles
  3. Click the Edit button next to the role for which you wish to add Two-Factor Authentication
  4. Click on the drop-down for the Tow Factor Authentication option. There are a number of options exposed:
  1. None
  2. Time-based One-time Password (TOTP)
  3. RSA Disconnected Token
  1. Hit Save.
  2. Use Send Password button on user profile to send them an email with Activation link.

EnableTwoFactor1.png

When the user receives the new password then they navigate to the activation screen.

If this is the first time the user has had a code generated then the screen should include a QR Code that can be scanned using Google Authenticator. EnableTwoFactor2.png

If the user has an existing QA Code then the user can click a button to generate a new code and re-sync or can proceed to the login page.

Users will then be prompted to enter the one-time code after entering their user name and password.
EnableTwoFactor3.png

SmartSimple's Partner for Two-Factor Authentication

SmartSimple uses Vasco’s DIGIPASS as a Service, which is VASCO’s cloud based, managed authentication service that makes use of VASCO’s proprietary authentication technology.

VASCO Data Security has been recognized as a leader in User Authentication by the 2013 Gartner Magic Quadrant.

Customer satisfaction, a wide range of authentication methods, and strong footing in the enterprise user authentication market were factors that cemented VASCO's placement in the Gartner's Leaders quadrant

See Also