Two Factor Authentication: Difference between revisions

From RangerMSP Wiki - PSA software for MSPs and IT services providers
Jump to navigation Jump to search
(Created page with " ==Introduction== 2-Factor Authentication offers enhanced security to your employee Web portal.<br> When 2-factor authentication is enabled, employee users must provide a co...")
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 16: Line 16:


Enabling 2-Factor Authentication requires that:
Enabling 2-Factor Authentication requires that:
#Enable it in the CommitCRM settings window.
#Enable it in the RangerMSP settings window.
#Email Delivery is configured.
#Email Delivery is configured.
#Employees user email delivery settings are configured.
#Employees user email delivery settings are configured.


To enable 2-Factor Authentication open CommitCRM Windows client and visit ''Tools > Options > Web Interface (Admin)''  tab and scroll down to the ‘2-Factor Authentication’ section:
To enable 2-Factor Authentication open RangerMSP Windows client and visit ''Tools > Options > Web Interface (Admin)''  tab and scroll down to the ‘2-Factor Authentication’ section:




Line 28: Line 28:




Note: You must RESTART ''Microsoft IIS'' or ''CommitCRM Web Interface'' service on your server (the one being used) in order for 2-factor authentication to take effect immediately.  
Note: You must RESTART ''Microsoft IIS'' or ''RangerMSP Web Interface'' service on your server (the one being used) in order for 2-factor authentication to take effect immediately.  




Line 35: Line 35:
2-factor authentication codes are automatically emailed to employees after they provide valid user credentials.<br>  
2-factor authentication codes are automatically emailed to employees after they provide valid user credentials.<br>  


Such email messages are sent using the 'CommitCRM Server' Windows service.<br>
Such email messages are sent using the 'RangerMSP Server' Windows service.<br>


In case you already use the [[Email Connector]], the [[Alerts Server]] or the [[Report Scheduler]] you can skip this step as email delivery is already working for you, otherwise you need to [[Setting_up_Email_Delivery_Service|install and configure CommitCRM Server service]] for email delivery.
In case you already use the [[Email Connector]], the [[Alerts Server]] or the [[Report Scheduler]] you can skip this step as email delivery is already working for you, otherwise you need to [[Setting_up_Email_Delivery_Service|install and configure RangerMSP Server service]] for email delivery.




==User settings==
==User settings==


2-Factor Authentication codes are emailed to employees based on the email address stored under their Employee Account in CommitCRM.<br>
2-Factor Authentication codes are emailed to employees based on the email address stored under their Employee Account in RangerMSP.<br>


Each Employee should have their own personal email address stored under the 'Email1' and/or ‘Email2’ fields.<br>
Each Employee should have their own personal email address stored under the 'Email1' and/or ‘Email2’ fields.<br>
Line 67: Line 67:


[[File:Web_interface_2FA_employee_backup_codes.png|center|link=]]
[[File:Web_interface_2FA_employee_backup_codes.png|center|link=]]
==See Also==
*[[Web Interface]]
*[[Microsoft IIS as the Web Server for the Web Interface]]

Latest revision as of 13:53, 8 July 2020

Introduction

2-Factor Authentication offers enhanced security to your employee Web portal.

When 2-factor authentication is enabled, employee users must provide a code to complete the sign-in process. The code is emailed to their personal email address, after first providing valid log-in credentials.

Personal backup codes can be used in cases where a user does not have access the temporary sign-in codes.



Enabling 2-Factor Authentication

Enabling 2-Factor Authentication requires that:

  1. Enable it in the RangerMSP settings window.
  2. Email Delivery is configured.
  3. Employees user email delivery settings are configured.

To enable 2-Factor Authentication open RangerMSP Windows client and visit Tools > Options > Web Interface (Admin) tab and scroll down to the ‘2-Factor Authentication’ section:



Note: You must RESTART Microsoft IIS or RangerMSP Web Interface service on your server (the one being used) in order for 2-factor authentication to take effect immediately.


Email delivery - Configure 2FA Code Delivery by Email

2-factor authentication codes are automatically emailed to employees after they provide valid user credentials.

Such email messages are sent using the 'RangerMSP Server' Windows service.

In case you already use the Email Connector, the Alerts Server or the Report Scheduler you can skip this step as email delivery is already working for you, otherwise you need to install and configure RangerMSP Server service for email delivery.


User settings

2-Factor Authentication codes are emailed to employees based on the email address stored under their Employee Account in RangerMSP.

Each Employee should have their own personal email address stored under the 'Email1' and/or ‘Email2’ fields.



To select whether codes will be sent to Email1, Email2 or both - each user should visit the Tools > Options > Web Interface - 1 tab and set it as follows:



2-Factor Authentication One-time Backup Codes

Backup codes are meant to be used when you need to log into the Web interface and do not have access to your personal email to receive the temporary 2FA code.

Backup codes are managed separately by each user and are different for each user.

Each user can access and manage their backup codes under the Employee tab of their Employee Account. Then, users should write down the codes so they can use them when needed. Each backup code expires after a single use.



See Also