This article provides summary on how you can configure Two Factor authentication (2FA) in MachPanel.
This article applies to MachPanel Build v6 and above.
Two Factor Authentication (2FA):
Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as "multi factor authentication" that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they know.
- To Configure 2FA settings in MachPanel, navigate to the following path: Home » System Configuration » 2FA Settings
- Check Enabled All sorts of options are possible to entertain different scenarios about enabling/disabling 2FA on different levels (Staff/Resellers/Customers) using the checkboxes highlighted below:
- Enabled: Enabled will enable the option globally without affecting any users. It is up to the user to enable/disable the option for himself/herself.
- Enable by default for new (i) Customers (ii) Resellers (iii) Staff Users: This means that after saving configuration having this checkbox enabled, the respective new Customer/Reseller/Staff will have the option to use 2FA enabled by default.
- Update Existing Users: This option will update existing users based on the previous settings.
- If only "a" is Checked and "b" is Unchecked, the option will be disabled for existing Customers/Resellers/Staff.
- If "a" and "b" both are Checked, it means that option will be enabled for existing Customers/Resellers/Staff.
For 2FA Settings Authenticate Using following:
- Send PIN through Email
- Send PIN through SMS
- Authenticator App
Send PIN through Email:
Select PIN expires in Minutes. Save Settings
You can configure Email address at following path: Home > System Configuration > Emails Configuration > Email Templates
For this option you have to provide Twilio API Settings.
Account SID: Here provide the twilio Account SID.
Auth Token: Provide twilio account authentication token
Number: Provide your number.
Twilio API URL: Provide the Twilio API URL.
Add "Templates" for the PIN SMS to be sent. See snapshot below:
Mobile Authenticator App can be used to enable App Authentication in MachPanel.The Duo Authentication is also supported.
How Login Works for Authenticator app?
- 1st time login
- After password is verified
- User is shown a QR code
- User will scan QR code using any app, suggested apps are (Google Authenticator, Microsoft Authenticator, Authy 2-Factor Authentication)
- When QR code is scanned, user will get 6-digit auth code in application.
- Warning: Code changes in 30 seconds.
- 6-digit TOTP Code in application
3. In case user account is duplicated, then latest one will be valid.
- User will input code, if code is accepted user is logged in.
- Returning user login
- Same as 1st time login but no need to scan QR code.
- User just needs to enter code from his mobile app.
- Reset Authenticator App.
- Needed in case user lost his device, or reinstalled app and does not have code available.
- Click on Re-Authenticate your mobile authenticator app link.
- Enter registered email address and hit Submit to get secret key on your registered email address:
- Check your email for secret key and enter the received secret key on Step 2 and hit "Re-Authenticate your mobile authenticator app" button:
- Finally you will be taken to login screen, where you can enter your login/password and then you will be asked to register a new authenticator app.