Introduction
The Services Manager allows you to set up and manage external service providers. One such service is two-factor authentication (2FA) for Administrative users, which adds a layer of security.
You will need to add the Service Provider, add it as a Secondary Authentication provider, and enable it for Administrators. You can either require all Administrators to use 2FA, or you can let each Administrator choose whether or not to use it.
You can use a Service Provider that has already been set up by Configio, or you can create and set up your own custom Service Providers if you have an account with one of our integration partners. The Service Provider available from Configio is SMTP, and the custom Service Providers that we are integrated with are Cdyne and Twilio. The SMTP provider allows for Two-Factor Authentication via email, and the custom providers allow for Two-Factor Authentication via text message.
Getting Started
There are two System Configurations related to the feature. Log into your Administrative console and navigate to Settings -> Setup -> Configuration. Search for "2fa". There is a configuration titled "Require Secondary Authentication (2FA) for Admin Users." Turn it ON and click the "Save" button if you are going to require all of your Administrators to use secondary authentication. Leave it OFF if you are going to allow Administrators to choose whether to use it.
Search for "company name." If necessary, update the Company Name field in the Contact Information section and click the Save button. This name may be shown to your Administrators during the authentication process.
Adding a Service Provider
Log into your Administrative console, navigate to Settings -> Setup -> Services Manager. Select Services.
Click the Add New button.
Click on the Custom Service Provider link.
Choose SMTP, optionally update the Title, and click the "Save" button.
Adding another Service Provider
As above, start by logging into your Administrative console, navigating to Settings -> Setup -> Services Manager, selecting Services, and selecting Add New.
Select the Custom Service Provider link.
Select which Service Provider you would like to use. You may see a Setup Instructions section. These instructions are for setting up an application that is external to Configio, and are therefore provided within Configio solely for your convenience. Follow the instructions, input the values created during setup into the fields above the instructions, and click the Save button.
Adding a Secondary Authentication Provider
Return to Settings -> Setup -> Services Manager and click the Secondary Auth button.
Click the Add New button.
Choose the Service Provider, input a Title, and click the Save button.
Enabling/Disabling Two Factor Authentication for Admins
Return to Settings -> Setup -> Services Manager. Click the Two Factor Auth button in the Admin Authentication section.
Switch the Allowed toggle from Inactive to Active. This will enable it. Switching back to Inactive will disable it.
The Administrator's Experience - Setting Up Two-Factor Authentication
Your Admin will log in as normal; however, they will now see the "Add Secondary Authentication" screen. They can choose the Service Provider, input their cell phone number, and click the Send button.
They will then be sent a text message with a Verification Code, and they will be shown a screen to input that code and click the Verify button.
If successful, the Account will now be set up with Secondary Authentication. The next time that they log in, they will be asked to authenticate by text message.
The Administrator's Experience - Using Two-Factor Authentication
Your Administrator will log in as normal. The system will send them a verification code, and they will see an additional screen to input the code and click the Verify button. If they don't want to go through the verification step again, they can also check "Trust this device." If the code doesn't work, they can click the "Send New Code" button.
Note: The "Trust this Device" feature uses a cookie. That cookie is only for that web browser, so if they log in via another browser, they will need to re-verify. Likewise, if they clear their cookies on the browser, they will need to re-verify. Cookies can also expire, and they will need to re-verify if the cookie does.
After they verify, they can use the Administrative Console as normal.
The Administrator's Experience - Managing Two-Factor Authentication
Your Administrator can manage their two-factor authentication settings via the User Security page. The page can be accessed via the My Profile link in the upper-right hand menu.
They then click the Edit icon on their Account.
They then click the Security button.
Here on the User Security page, they can remove Two-Factor Authentication. They can also re-add it here, or they can add a second provider.