This article provides a summary of how to configure Two Factor Authentication (2FA) in MachPanel.
This article applies to MachPanel Build v6 and above.
Two Factor Authentication (2FA):
Two Factor Authentication, also known as 2FA, two-step verification or TFA, is an extra layer of security, a form of "multi factor authentication", that requires not only a username and password but also something that only that user has on them, i.e. a piece of information only they know.
- To configure 2FA settings in MachPanel, navigate to the following path: Home » System Configuration » Authentication. Select the Two Factor Authentication Settings tab.
- Check Enabled. Several options are available to cover different scenarios for enabling/disabling 2FA at different levels (Staff/Resellers/Customers), using the checkboxes highlighted below:
- Enabled: This enables the option globally without affecting any users. It is up to each user to enable/disable the option for himself/herself.
- Enable by default for new (i) Customers (ii) Resellers (iii) Staff Users: When the configuration is saved with this checkbox enabled, each new Customer/Reseller/Staff user will have the 2FA option enabled by default.
- Update Existing Users: This option will update existing users based on the previous settings.
- If only "a" is Checked and "b" is Unchecked, the option will be disabled for existing Customers/Resellers/Staff.
- If both "a" and "b" are Checked, the option will be enabled for existing Customers/Resellers/Staff.
For 2FA settings, authenticate using one of the following:
- Send PIN through Email
- Send PIN through SMS
- Authenticator App
Send PIN through Email:
Select "PIN expires in Minutes", then save the settings.
You can configure the email at the following path: Home > System Configuration > Emails Configuration > Email Templates
Send PIN through SMS:
For this option, navigate to System Configuration > SMS Setting
Provide the Twilio API settings:
- Account SID: Provide the Twilio Account SID.
- Auth Token: Provide the Twilio account authentication token.
- Number: Provide your number.
- Twilio API URL: Provide the Twilio API URL.
SMS Templates
Navigate to System Configuration > SMS Setting > SMS Template. Add "Templates" for the PIN SMS to be sent. See snapshot below:
Authenticator App
A mobile authenticator app can be used to enable App Authentication in MachPanel.
How does login work with the authenticator app?
- 1st time login
  - After the password is verified, the user is shown a QR code.
  - The user scans the QR code using any app; suggested apps are Google Authenticator, Microsoft Authenticator and Authy 2-Factor Authentication.
  - When the QR code is scanned, the user gets a 6-digit auth code in the application.
    - Warning: The code changes in 30 seconds.
    - The code is a 6-digit TOTP code in the application.
    - In case the user account is duplicated, the latest one will be valid.
  - The user inputs the code; if the code is accepted, the user is logged in.
- Returning user login
  - Same as 1st time login, but there is no need to scan the QR code.
  - The user just needs to enter the code from his mobile app.
- Reset Authenticator App
  - Needed in case the user lost his device, or reinstalled the app and does not have the code available.
  - Click on the "Re-Authenticate your mobile authenticator app" link.
  - Enter the registered email address and hit Submit to get the secret key on your registered email address.
  - Check your email for the secret key, enter the received secret key on Step 2 and hit the "Re-Authenticate your mobile authenticator app" button.
  - Finally, you will be taken to the login screen, where you can enter your login/password and then you will be asked to register a new authenticator app.
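The login flow above depends on a 6-digit code that changes every 30 seconds. The following is an added example, not MachPanel's code, showing how such a code is derived from the secret carried in the QR code and how a server can verify it with a small clock-drift window and replay rejection. It assumes RFC 6238 TOTP with HMAC-SHA1; the secret, account name and issuer are constructed sample values.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote

STEP = 30    # seconds a code stays valid, as stated on the page
DIGITS = 6   # code length, as stated on the page

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed; MachPanel's algorithm is not documented here)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)       # number of steps since the epoch
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI of the kind a QR code hands to the authenticator app."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}")

def verify(secret_b32, code, at, last_used_step=-1, window=1):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `window` steps of clock drift and skips every step that is
    not newer than `last_used_step`, so an observed code cannot be replayed.
    """
    current = int(at) // STEP
    for step_no in range(current - window, current + window + 1):
        if step_no <= last_used_step:
            continue
        if hmac.compare_digest(totp(secret_b32, step_no * STEP), code):
            return step_no
    return None

# Constructed sample secret: the RFC 6238 test key, Base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    # Hypothetical account and issuer names, for illustration only.
    print(provisioning_uri(SECRET, "user@example.com", "ExamplePanel"))
    print("current code:", totp(SECRET, time.time()))
```

The server stores the step returned by `verify` per user and passes it back as `last_used_step` on the next login.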
Duo Authentication
- Click on "Protect an application" to begin configuring a new application for protection.
- Search and Choose "Web SDK".
- Update the desired settings/parameters such as Name, or leave them unchanged. Let's set the name as "MachPanel-Web SDK Application".
- Copy the details to notepad (or copy directly to MachPanel). You need "Client ID", "Client Secret" and "API hostname".
- Hit "Save" at the bottom of the screen.
- Enter the copied details into the appropriate fields within MachPanel for integration.
- Click on "Save Settings".
- Based on the settings, you or your customers (resellers/customers) will get the option to enable and configure the Duo Security App for 2FA.
- Click on "Save" and, if it's a new account, you will need to scan the QR code to add the application on your device.
- If it is an existing account, you will be presented with the option to accept the "Duo Push" notification on your device.
- Finally, you will be logged in to the panel after successful verification/approval.