Two-Factor Authentication for Shopping Cart Users

Have more questions? Submit a request

Introduction

The Services Manager allows you to setup and manage external service providers. One service is two-factor authentication (2FA) for Shopping Cart customers. This adds a layer of security.

You will need to add the Service Provider, add it as a Secondary Authentication provider, and enable it for Customers. Then, each individual Customer can choose to add it to their Account.

You can use a Service Provider that has already been setup by Configio, or you can create and setup your own custom Service Providers if you have an account with one of our integration partners. The Service Provider available from Configio is SMTP, and the custom Service Providers that we are integrated with are Cdyne and Twilio. The SMTP provider allows for Two-Factor Authentication via email, and the custom providers allow for Two-Factor Authentication via text message.

Getting Started

There are one System Configuration related to the feature. Log into your Administrative console, navigate to Settings -> Setup -> Configuration. Search for "company name." If necessary, update the Company Name field in the Contact Information section and click the Save button. This name may be shown to your customers during the authentication process.
configio.png

Adding a Configio Service Provider

Log into your Administrative console, navigate to Settings -> Setup -> Services Manager. Select Services.
configio.png

Click the Add New button.
configio.png

Click on the Configio Service Provider link.
configio.png

Choose SMTP, (optionally) update the Title, and click the "Save" button.
configio.png

Adding a Custom Service Provider

Like above, start by logging into your Administrative console, navigating to Settings -> Setup -> Services Manager, selecting Services, and selecting Add New.

Select the Custom Service Provider link.
configio.png

Select which Service Provider you would like to use. You may see a Setup Instructions section. These instructions are for setting-up an application that is external to Configio, and therefore are provided within Configio solely for your convenience. Follow the instructions, input the values created during setup into the fields above the instructions, and click the Save button.
configio.png

 

Adding a Secondary Authentication Provider

Return to Settings -> Setup -> Services Manager and click the Secondary Auth button.

 

Click the Add New button.
configio.png

Choose the Service Provider, input a Title, and click the Save button.
configio.png

Enabling/Disabling Two-Factor Authentication for Customers

Return to Settings -> Setup -> Services Manager. Click the Two Factor Auth button in the Customer Authentication section.
configio.png

Switch the Allowed toggle from Inactive to Active. This will enable it. Switching back to Inactive will disable it.
configio.png

 

The Customer's Experience - Setting-up Verification

Your customer will login as normal. If they go to the Account Settings page, they will see a link to Two-Factor Authentication.
configio.png

Clicking it returns the Two-Factor Authentication page. Here, they can select the Service Provider, input their mobile phone number, and click the "Send Code" button.
configio.png

They will then be sent a text message with a Verification Code, and they will be shown a screen to input that code and click the Verify button.
configio.png

If successful, there will now an Secondary Authentication Entry on that Admin Account, and the next time that they login, they will be asked to authenticated by text message. Note: If unsuccessful, they will have the opportunity to have the system send another text message with a new code.
configio.png

 

The Customer's Experience - Verifying the Account

Your customer will login as normal. The system will send them a verification code, and they will see an additional screen to input the code and click the Verify button. If they don't want to go through the verification step again, then they also check "Trust this device." If the code doesn't work, they can click the "Send New Code" button.

Note : The "Trust this Device" feature works on a cookie. That cookie is for only that web browser, so if they login via another browser, then they will need to verify. Likewise, if they clear their cookies on the browser, they will need to verify. Cookies also can expire, and so they will need to re-verify if it does.
configio.png

After they Verify, they can use the Shopping Cart as usual.

The Customer's Experience - Managing Two-Factor Authentication

If your customer no longer wants two-factor authentication on their account, they manage that from the settings page. Clicking the delete icon will remove it.
configio.png

Articles in this section

Was this article helpful?
0 out of 0 found this helpful