Two Factor Authentication: Difference between revisions
(Created page with " ==Introduction== 2-Factor Authentication offers enhanced security to your employee Web portal.<br> When 2-factor authentication is enabled, employee users must provide a co...") |
No edit summary |
||
Line 67: | Line 67: | ||
[[File:Web_interface_2FA_employee_backup_codes.png|center|link=]] | [[File:Web_interface_2FA_employee_backup_codes.png|center|link=]] | ||
==See Also== | |||
*[[Web Interface]] | |||
*[[Microsoft IIS as the Web Server for the Web Interface]] |
Revision as of 09:33, 18 July 2017
Introduction
2-Factor Authentication offers enhanced security to your employee Web portal.
When 2-factor authentication is enabled, employee users must provide a code to complete the sign-in process. The code is emailed to their personal email address, after first providing valid log-in credentials.
Personal backup codes can be used in cases where a user does not have access the temporary sign-in codes.
Enabling 2-Factor Authentication
Enabling 2-Factor Authentication requires that:
- Enable it in the CommitCRM settings window.
- Email Delivery is configured.
- Employees user email delivery settings are configured.
To enable 2-Factor Authentication open CommitCRM Windows client and visit Tools > Options > Web Interface (Admin) tab and scroll down to the ‘2-Factor Authentication’ section:
Note: You must RESTART Microsoft IIS or CommitCRM Web Interface service on your server (the one being used) in order for 2-factor authentication to take effect immediately.
Email delivery - Configure 2FA Code Delivery by Email
2-factor authentication codes are automatically emailed to employees after they provide valid user credentials.
Such email messages are sent using the 'CommitCRM Server' Windows service.
In case you already use the Email Connector, the Alerts Server or the Report Scheduler you can skip this step as email delivery is already working for you, otherwise you need to install and configure CommitCRM Server service for email delivery.
User settings
2-Factor Authentication codes are emailed to employees based on the email address stored under their Employee Account in CommitCRM.
Each Employee should have their own personal email address stored under the 'Email1' and/or ‘Email2’ fields.
To select whether codes will be sent to Email1, Email2 or both - each user should visit the Tools > Options > Web Interface - 1 tab and set it as follows:
2-Factor Authentication One-time Backup Codes
Backup codes are meant to be used when you need to log into the Web interface and do not have access to your personal email to receive the temporary 2FA code.
Backup codes are managed separately by each user and are different for each user.
Each user can access and manage their backup codes under the Employee tab of their Employee Account. Then, users should write down the codes so they can use them when needed. Each backup code expires after a single use.