NATS4 Multi Factor Authentication

From TMM Wiki
Jump to navigationJump to search
NATS 4
Affiliates Admin
The Affiliates Admin
ID Numbers
Account Representatives
Affiliate Referrals
Affiliate Activation
Affiliate Access Permissions
Affiliate Admin Settings
Affiliate Overrides
Creating Admin Accounts
In-House Accounts
Affiliate-Specific Join Options and Payouts
Add Manual Sale
Manual Invoices
Affiliate Groups
Affiliate Documents
Change Affiliate Status
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers

NATS4 allows you to tie google authenticator to your admin and affiliate accounts in versions 4.1.19 and up.

To access the Two Factor Authentication page, go to the Affiliates Admin and click the shield icon for the account to manage.

Admins can enable this for their own accounts. Affiliates will need the help of an admin to send them the qr code and enter their verification code.

Other industry naming conventions for this feature:

  • MFA
  • 2FA
  • 2 Factor Authentication
  • Two Factor Authentication

Configuring

In the Security section of the Configuration admin, the G2FA_WINDOW option lets you set how many seconds of difference are allowed between the current time on server and the app.

Enabling

From the affiliates admin find he account you wish to manage and click on the shield icon

2faicons.PNG

Here you can generate a secret and build a QR code for scanning in the google authenticator app

2faoff.PNG


The last step to enabling is to type the current token from your google authenticator app into the 'token' field and click 'Enable Two Factor' If this is successful, you will see that Two Factor Enabled = YES when the page loads. If this is not successful, you may need to check your server time or change the value of G2FA_WINDOW 2faenable.PNG

Logging In

The default templates will only prompt for mfa toekn after a user has entered a valid username and password. You may wish to set up a template that always includes the field for the mfa token, or does an ajax call to verify username/password first before prompting for mfa.


2famfarequired.PNG