Two Factor Authentication

From RangerMSP Wiki - PSA software for MSPs and IT services providers
Jump to: navigation, search

Introduction

2-Factor Authentication offers enhanced security to your employee Web portal.

When 2-factor authentication is enabled, employee users must provide a code to complete the sign-in process. The code is emailed to their personal email address, after first providing valid log-in credentials.

Personal backup codes can be used in cases where a user does not have access the temporary sign-in codes.


Web interface 2FA.png


Enabling 2-Factor Authentication

Enabling 2-Factor Authentication requires that:

  1. Enable it in the RangerMSP settings window.
  2. Email Delivery is configured.
  3. Employees user email delivery settings are configured.

To enable 2-Factor Authentication open RangerMSP Windows client and visit Tools > Options > Web Interface (Admin) tab and scroll down to the ‘2-Factor Authentication’ section:


Web interface enable 2fa.png


Note: You must RESTART Microsoft IIS or RangerMSP Web Interface service on your server (the one being used) in order for 2-factor authentication to take effect immediately.


Email delivery - Configure 2FA Code Delivery by Email

2-factor authentication codes are automatically emailed to employees after they provide valid user credentials.

Such email messages are sent using the 'RangerMSP Server' Windows service.

In case you already use the Email Connector, the Alerts Server or the Report Scheduler you can skip this step as email delivery is already working for you, otherwise you need to install and configure RangerMSP Server service for email delivery.


User settings

2-Factor Authentication codes are emailed to employees based on the email address stored under their Employee Account in RangerMSP.

Each Employee should have their own personal email address stored under the 'Email1' and/or ‘Email2’ fields.


Web interface 2FA employee details1.png


To select whether codes will be sent to Email1, Email2 or both - each user should visit the Tools > Options > Web Interface - 1 tab and set it as follows:


Web interface 2FA employee details2.png


2-Factor Authentication One-time Backup Codes

Backup codes are meant to be used when you need to log into the Web interface and do not have access to your personal email to receive the temporary 2FA code.

Backup codes are managed separately by each user and are different for each user.

Each user can access and manage their backup codes under the Employee tab of their Employee Account. Then, users should write down the codes so they can use them when needed. Each backup code expires after a single use.


Web interface 2FA employee backup codes.png


See Also

Retrieved from "http://www.rangermsp.com/w/index.php?title=Two_Factor_Authentication&oldid=8566"