
Overview
 

As an extra layer of security, two-factor authentication is available for CMS User logins. When it is active for a User, they are required to enter their password and verify the login through a PIN (passcode) generated by an authenticator app on their personal device. This two-step procedure is designed to ensure that the person logging into the CMS is the owner of that account. There are two ways to activate two-factor authentication for a User: CMS Administrators can turn it on in a CMS User account so the process is mandatory (forced) for that User, or a User can decide to opt in voluntarily and set it up.

To use two-factor authentication, a User must have the following ready:

  • an authenticating device: this is usually a personal device the User has access to during the login process, e.g., their smartphone, and
  • an Authenticator app installed on the device.

There are a number of free third-party Authenticator apps that Users can easily download to their personal devices. Some common ones are Authy, Microsoft Authenticator, and Google Authenticator. NOTE - The authenticating procedure may vary slightly for different apps.

Two-factor authentication and CMS login procedures

Initial setup for forced User

When two-factor authentication has been switched on for a User by the Administrator, the User will be asked to set up two-factor authentication when they next attempt to log in. Once the User has successfully set up the procedure, the authenticator app will save the CMS authentication account for future logins. At each subsequent login, they just have to open the app on the same device and nominate the account they are logging into. A PIN will automatically be generated.


Procedure for User: 

  1. At the CMS login screen, enter your Username and Password. 

  2. Instead of being logged in, the Authentication popup displays. 
  3. Open the authenticator app on your authenticating device.

  4. Either scan the QR Code or type in the Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if you are asked to select a 'Type of Key' option.

  5. The authenticator app generates a PIN that expires in a set amount of time. Enter this PIN in the Authentication popup.

  6. Click Verify and Login. If the PIN is valid, access to CMS will be granted.

Initial setup for Opt-in User

A User can optionally add two-factor authentication to their CMS login process. To set this up, they must be logged in.

  1. In the CMS, hover over the Person icon in the top right corner of the screen.

  2. In the menu displayed, select Manage Account.


  3. In the Manage Account screen, click the Two-Factor Authentication Setup button.  
  4. In the Setup Two-Factor Authentication screen, you will see a generated 'Manual Entry Key' and a 'QR Code'. In your authenticating device, open the authenticator app and either scan the QR Code or type in the Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if you are asked to select a 'Type of Key' option.


  5. The Authenticator app generates a PIN. Enter this PIN in Verify Setup by Entering Authenticator App PIN.

  6. Click Verify and Save. If the PIN is valid, setup is successful and authentication is complete. A popup error message will display if the PIN is invalid.  

Subsequent logins

Once a User has successfully set up two-factor authentication, the authenticator app saves the authentication account for CMS login. At the next login attempt, the User just has to open the authenticator app to retrieve a valid PIN. This PIN is entered after the Username/Password step.

 

Failed logins

  • The User has five attempts at logging in. After the fifth failed attempt, they will be locked out for an hour.  
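The 'Time-Based' key type in the setup steps and the failed-login rule above can be seen in a short sketch of a server-side PIN check. This is an added example, not Commerce Vision's code: the `Verifier` class, the 30-second step, 6-digit PIN, HMAC-SHA1 and the one-step drift window are assumptions (the RFC 6238 defaults common authenticator apps use), the key is a constructed test value, and applying the five-attempt lockout to PIN entry is also an assumption.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6            # assumed RFC 6238 defaults, not stated by the page
MAX_FAILS, LOCK_SECS = 5, 3600  # from the page: five attempts, one-hour lockout
KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed key (RFC 6238 test secret)

def hotp(key_b32: str, counter: int) -> str:
    """RFC 4226: PIN derived from the key and an integer counter."""
    cleaned = key_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def totp(key_b32: str, now: float) -> str:
    """RFC 6238: the counter is the number of STEP-second periods since the epoch."""
    return hotp(key_b32, int(now) // STEP)

class Verifier:
    """Hypothetical server-side PIN check with drift window and lockout."""
    def __init__(self, key_b32: str):
        self.key, self.fails, self.locked_until = key_b32, 0, 0.0

    def check(self, pin: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"
        # Accept the current step and one either side to tolerate clock drift.
        if any(hmac.compare_digest(totp(self.key, now + d * STEP).encode(), pin.encode())
               for d in (-1, 0, 1)):
            self.fails = 0
            return "ok"
        self.fails += 1
        if self.fails >= MAX_FAILS:  # fifth failure starts the lockout
            self.locked_until, self.fails = now + LOCK_SECS, 0
        return "invalid"

if __name__ == "__main__":
    t = 1111111111
    v = Verifier(KEY)
    print(v.check(totp(KEY, t), t))   # time-based PIN from the app
    print(v.check(hotp(KEY, 0), t))   # same key enrolled as counter-based
```

A key enrolled as counter-based produces PINs from a counter that starts near zero, so they never line up with the server's time-derived counter; that is why the setup note asks for 'Time-Based'.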

Password changes

  • If two-factor authentication is active for the User, a Password change by the User must be authorised by entering a valid PIN.

To change the CMS password,

  1. While logged into CMS, hover over the Person icon in the top right corner of the screen.

  2. In the menu displayed, select Manage Account.
  3. In the 'Change Password' panel, enter the Current/New Password details. 
     

  4. In Two-Factor Authentication Required, enter a valid PIN from the authenticator app.

  5. Click Change Password.

Authentication resets

Reset by User

An authenticated User can reset their authentication when logged in to CMS. To reset authentication, just follow the steps in Initial setup for Opt-in User. Once the procedure is completed, the new authentication will automatically replace the old one.

Loss of authentication account access

If a User's current authentication account is no longer available, e.g., the device is lost, they must contact Commerce Vision and ask for an account reset. Once the current authentication is deleted, the User can set up two-factor authentication again.


Force two-factor authentication on a User

CMS Administrators can make two-factor authentication mandatory for Users. This must be enabled individually for each User in their CMS User account. 


To turn on two-factor authentication for a User,

  1. Navigate to Users → CMS Users.

  2. Use the User Search tool to find the User and click Edit.

  3. Scroll down to the Two-Factor Authentication section.

  4. Toggle ON Override Forced Global Two Factor State.



  5. Once Override Forced Global Two Factor State is enabled, the User Specific Override toggle will be displayed. Toggle this ON. 

  6. Click Save & Exit.
