Two-Factor Authentication

Contents

Two-Factor Authentication#

  • Google authenticator

  • Microsoft authenticator

  • 1Password

  • Sophos Authenticator

  • and many more

2FA Setup#

To activate this, you must go to the system configuaration in the administrator area, and navigate to Core⇾Auth⇾(Agent or Customer)⇾TwoFactor. The module is called GoogleAuthenticator, but complies to RFC 6238 and works with compliant software token generators.

Once activated, unless your administrator should manually generate the shared secret for the users, navigate to Frontend⇾Agent⇾View⇾Preferences and enable the preference module. Do this in PreferencesGroups###GoogleAuthenticatorSecretKey by setting it to Active => 1.

To allow customers to generate their own secret, navigate to Frontend⇾Agent⇾View⇾Preferences and set CustomerPreferencesGroups###GoogleAuthenticatorSecretKey to Active => 1.

Additional settings are:

AllowEmptySecret

Allow users to not use 2FA.

AllowPreviousToken

Grant a 30-second grace period on the token and allow the last and current token to be accepted.