Two-Factor Authentication for Shopping Cart Users
Introduction
The Services Manager allows you to set up and manage external service providers. One service is two-factor authentication (2FA) for Shopping Cart customers. This adds a layer of security.
You will need to add the Service Provider, add it as a Secondary Authentication provider, and enable it for Customers. Then, each Customer can choose to add it to their Account.
You can use a Service Provider that has already been set up by Configio, or you can create and set up your own custom Service Providers if you have an account with one of our integration partners. The Service Provider available from Configio is SMTP, and the custom Service Providers that we are integrated with are Cdyne and Twilio. The SMTP provider allows for Two-Factor Authentication via email, and the custom providers allow for Two-Factor Authentication via text message.
Getting Started
There is one System Configuration related to the feature. Log in to your Administrative console, navigate to Settings -> Setup -> Configuration. Search for "company name." If necessary, update the Company Name field in the Contact Information section and click the Save button. This name may be shown to your customers during the authentication process.
Adding a Configio Service Provider
Log in to your Administrative console, navigate to Settings -> Setup -> Services Manager. Select Services.
Click the Add New button.
Click on the Configio Service Provider link.
Choose SMTP, (optionally) update the Title, and click the "Save" button.
Adding a Custom Service Provider
Like above, start by logging into your Administrative console, navigating to Settings -> Setup -> Services Manager, selecting Services, and selecting Add New.
Select the Custom Service Provider link.
Select which Service Provider you would like to use. You may see a Setup Instructions section. These instructions are for setting up an application that is external to Configio, and therefore are provided within Configio solely for your convenience. Follow the instructions, input the values created during setup into the fields above the instructions, and click the Save button.
Adding a Secondary Authentication Provider
Return to Settings -> Setup -> Services Manager and click the Secondary Auth button.
Click the Add New button.
Choose the Service Provider, input a Title, and click the Save button.
Enabling/Disabling Two-Factor Authentication for Customers
Return to Settings -> Setup -> Services Manager. Click the Two Factor Auth button in the Customer Authentication section.
Switch the "Allowed" toggle from "Inactive" to "Active". This will enable it. Switching back to "Inactive" will disable it.
The Customer's Experience - Setting up Verification
Your customer will log in as normal. If they go to the Account Settings page, they will see a link to Two-Factor Authentication.
Clicking it returns the Two-Factor Authentication page. Here, they can select the Service Provider, input their mobile phone number, and click the "Send Code" button.
They will then receive a text message with a Verification Code, and they will be prompted to enter that code and click the "Verify" button.
If successful, there will now be a Secondary Authentication Entry on that Admin Account, and the next time that they log in, they will be asked to authenticate by text message. Note: If unsuccessful, they will have the opportunity to have the system send another text message with a new code.
The Customer's Experience - Verifying the Account
Your customer will log in as normal. The system will send them a verification code, and they will see an additional screen to enter the code and click the "Verify" button. If they don't want to go through the verification step again, then they also check "Trust this device." If the code doesn't work, they can click the "Send New Code" button.
Note: The "Trust this Device" feature works on a cookie. That cookie is for only that web browser, so if they log in via another browser, then they will need to verify. Likewise, if they clear their cookies on the browser, they will need to verify. Cookies can also expire, so they will need to re-verify if it does.
After they Verify, they can use the Shopping Cart as usual.
The Customer's Experience - Managing Two-Factor Authentication
If your customer no longer wants two-factor authentication on their account, they can manage that from the settings page. Clicking the delete icon will remove it.
Related Articles
Two-Factor Authentication via Email Messages
Introduction The Services Manager allows you to setup and manage external service providers. One service is two-factor authentication (2FA). This adds a layer of security. It can be added for administrators and/or customers. It can be done via email ...Two-Factor Authentication for Administrators
Introduction The Services Manager allows you to setup and manage external service providers. One service is two-factor authentication (2FA) of Administrative users. This adds a layer of security. You will need to add the Service Provider, add it as a ...Importing Shopping Cart Accounts
Introduction Configio enables you to create and update Shopping Cart Accounts via a file import. Accessing the Template Access the Import Accounts tool by going to Settings --> Management --> Import Manager. Click on Accounts. It can also be found on ...Users
Now that you are setup with your Event Manager database, it is time to delegate some responsibility. You need more users! Start at Settings > Users. Start by entering information for your new user in the fields marked Username through Phone. Add new ...Social Media Registration and Login
Introduction The Services Manager allows you to setup and manage external service providers. These services include allowing your customers to create and log into Shopping Cart Accounts via their social media accounts. This provides added convenience ...