...


As an extra layer of security, from version 1.21, two-factor authentication (2FA) has been implemented for CMS User logins. Users are required to enter their password and verify their login by entering a PIN generated by an authenticator app. 

From version 1.21, two-factor authentication (2FA) is mandatory for CMS logins. The user is required to enter their password and verify the login through a PIN (passcode) provided by an authenticator app on their personal device. This two-step procedure aims to ensure that the person logging into the CMS is the owner of that account. There are two ways to activate two-factor authentication for a User. CMS Administrators can enable it for that User so that it is a mandatory (forced) requirement. Or the User can decide to opt in voluntarily and initiate setup themselves.


Info

To use two-factor authentication, a User must have the following ready:

  • an authenticating device: this is usually a personal device the User has access to during the login process, e.g., their smartphone, 
  • an authenticator app installed on their authenticating device.

There are a number of free third-party authenticator apps available that Users can easily download to their personal devices. Some popular ones are Authy, Google Authenticator and Microsoft Authenticator.
NOTE - The authenticating procedure may vary slightly for different apps, but they all involve first scanning a QR Code or manually entering an entry key, and then obtaining the authentication PIN for login.

...

Initial Authentication Setup

For Globally Enforced

When two-factor authentication has been enabled by the Administrator, the User will be required to set up two-factor authentication when they next attempt to log in to CMS.

...

  1. At the CMS login screen, enter your Username and Password, then click Login.

  2. Instead of being logged in, the Authentication popup displays. 
  3. Open the authenticator app on your authenticating device.

  4. Either scan the QR Code or type in the Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if you are asked to select a 'Type of Key' option.

  5. The authenticator app generates a PIN that expires in a set amount of time. Enter this PIN in the Authentication popup.

  6. Click Verify and Login. If the PIN is valid, access to CMS will be granted.


...

User Reset of 2FA

  • A User can optionally reset two-factor authentication for their CMS login process. They must be logged into the CMS at the time.

...

  • Once a User has successfully reset their 2FA, the authenticator app saves the account for CMS login. At the next login, the User simply opens the authenticator app on their device to obtain a valid PIN. This PIN is entered after the Username/Password step.

...

  • The User has five attempts at logging in. After the fifth failed attempt, they will be locked out for an hour.  
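
The time-based PIN check and the five-attempt lockout described above, as an added Python example (not the CMS's own code). It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), one step of clock-drift tolerance, and that failed PIN entries are what count towards the lockout; `PinVerifier`, `totp` and `SAMPLE_KEY` are hypothetical names.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6              # assumed RFC 6238 defaults; the page states neither
MAX_ATTEMPTS, LOCKOUT = 5, 3600   # from the page: five attempts, one-hour lockout
# Constructed sample "Manual Entry Key": base32 of the RFC 6238 test secret.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(key_b32, now, digits=DIGITS):
    """Time-based PIN (RFC 6238, HMAC-SHA1) for a base32 entry key at Unix time `now`."""
    key = base64.b32decode(key_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(now) // STEP)        # number of 30 s steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class PinVerifier:
    """Server-side PIN check with replay rejection and attempt lockout."""

    def __init__(self, key_b32):
        self.key = key_b32
        self.failures = 0
        self.locked_until = 0
        self.last_counter = -1    # highest time step already accepted

    def verify(self, pin, now):
        if now < self.locked_until:
            return "locked"       # even a correct PIN is refused during lockout
        current = int(now) // STEP
        for counter in (current, current - 1):   # tolerate one step of drift
            expected = totp(self.key, counter * STEP)
            match = hmac.compare_digest(expected.encode(), pin.encode())
            if match and counter > self.last_counter:
                self.last_counter = counter      # a PIN is usable only once
                self.failures = 0
                return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:        # fifth failure starts the lockout
            self.failures = 0
            self.locked_until = now + LOCKOUT
        return "invalid"

if __name__ == "__main__":
    v = PinVerifier(SAMPLE_KEY)
    print(v.verify(totp(SAMPLE_KEY, 1111111109), 1111111109))
```

Selecting a counter-based key type instead of 'Time-Based' in the app would make it compute the PIN from an event counter rather than the clock, so its PINs would not match this check.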

Password Changes

  • When two-factor authentication is active for the User, a Password change by the User must be authorised by entering a valid PIN.

...

  • An authenticated User can reset and set up a new authentication when logged in to CMS. To reset authentication, they just follow the steps for User Reset of 2FA. Once the procedure is completed, the new authentication will automatically replace the old one.

...