...
...
...
...
...
...
...
...
...
...
...
Two-factor authentication and CMS login procedures
Table of Contents | ||
---|---|---|
|
User logins
Initial setup when forced
...
Info |
---|
Initial Authentication Setup Procedure:
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
Subsequent Logins
|
...
A User can optionally add two-factor authentication to their CMS login. To set up the process, they must be logged in to CMS.
...
Failed Logins
Reset 2FA by User
|
Unlock Another CMS User
A CMS user in your company can unlock a user whose account is locked due to too many failed attempts. NOTE - If there are no other CMS users in your company, your account can be unlocked by Commerce Vision.
To unlock a CMS user:
- In CMS, go to Users → CMS Users.
- In User Search, find the user.
- A locked user will have the Locked button next to them. Click on it to unlock the user.
NOTE - The Locked button is also displayed in the Edit User's page.
Password Changes
- When two-factor authentication is active for the User, a Password change by the User must be authorised by entering a valid PIN.
To change the CMS password,
- While logged into CMS, hover over the icon on the top right corner of the screen.
- In the menu displayed, select Manage Account.
- In the 'Change Password' panel, enter the Current/New Password details.
- In Two-Factor Authentication Required, enter a valid PIN obtained from the authenticator app.
- Click Change Password.
Anchor | ||||
---|---|---|---|---|
|
- A User can reset 2FA for their CMS login. They must be logged into the CMS at the time.
- In the CMS, hover over the icon on the top right corner of the screen.
...
- In the menu displayed, select Manage Account.
...
- In the Manage Account screen, click the Two-Factor Authentication Setup button.
...
...
- In the Setup Two-Factor Authentication screen, you will see a generated 'Manual Entry Key' and a 'QR Code'.
- In your authenticating device, open the authenticator app and either scan the QR Code or
...
- type in the
...
- Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if
...
- you are asked to select a 'Type of Key' option.
- The Authenticator app will generate a PIN. Enter this PIN in Verify Setup by Entering Authenticator App PIN.
- Click Verify and Save
...
Subsequent logins
Once a User has set up their two-factor authentication with the initial login, the Authenticator app saves the authentication account for CMS login. At the next login, the User just has to go to the CMS login account in the Authentication app to retrieve the current PIN. This PIN is required after the User enters their Username and Password.
Failed logins
- After five failed attempts, the User will be locked out for an hour.
Password changes
- A Password change by the User must be authorised by entering the current generated PIN.
To change their password,
- While logged into CMS, the User selects Manage Account (top right corner of the screen).
- In the 'Change Password' screen, they enter the required the Current/New Password details as well as the current generated PIN from their Authenticator app.
Authenticator resets
Reset by User
A logged in authenticated User can reset their authentication. For example, a User may wish to change to another Authenticator app. Once the new setup is completed, it will automatically replace the old one. To reset authentication, just follow the steps for a User-added Setup.
Loss of authenticator application or access
If the authenticator application is no longer available, e.g., the device is lost, the User must contact Commerce Vision and ask for an account reset. Their CMS User account will be reset to allow the User to set up two-factor authentication again when they next attempt to login (if two-factor authentication has been set as mandatory by the CMS Administrator) or by the User accessing the Two-factor Authentication feature once they are logged in with their Username and Password. (See Reset by User.)
Force two-factor authentication
...
- . If the PIN is valid, setup is successful and you will be logged into CMS. NOTE - A popup error message will display if the PIN is invalid.
For Administrators
Anchor reset reset
Reset 2FA by Admin
reset | |
reset |
CMS Administrators and Commerce Vision can clear the current authentication set up by a User by resetting the User's authentication. This step is required if forced two-factor authentication is to be disabled for a User or the User has lost access to their current authentication.
To reset a User's authentication,
- Navigate to Users → CMS Users.
- Use the User Search tool to find the specific User and click Edit.
- Scroll down to the Two-Factor Authentication (2FA) section.
- When a User has a current authentication set up, the Reset Two-Factor Authentication for User button will appear.
- Click the Reset Two-Factor Authentication for User button.
- In the Reset Two-Factor Authentication popup, click OK to confirm you want to delete the current authentication.
Force two-factor authentication on a User
NOTE - This section only applies if 2FA is not globally active.
CMS Administrators can make two-factor authentication mandatory (forced) for Users. Forced authentication must be enabled for each User individually as the global setting is OFF.
To enable two-factor authentication for a User,
- Navigate to Users → CMS Users.
- Use the User Search tool to find the User and click Edit.
- Scroll down to the Two-Factor Authentication (2FA) section.
- Toggle ON Override Global 2FA Configuration.
- Once Override Global 2FA Configuration is on, the Enable 2FA Configuration for User toggle will display. Toggle this ON.
- To save the setting, click Save & Exit.
- When a user has set up their authentication, Administrators will see a red Reset two factor Authentication for User button in the Two-Factor Authentication (2FA) section.
Note | ||
---|---|---|
| ||
Administrators can disable forced authentication for a User by toggling OFF Override Global 2FA Configuration and Enable 2FA Configuration for User and saving the change. However, if the User has set up a current authentication, the system will not permit disabling until the authentication has been cleared (reset). |
Related help
Content by Label | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|