
On this page, we analyze the Two-Factor Authentication (2FA) mechanism, its functionality, and how you can enable it in your Standard Reseller Storefront.

The Two-Factor Authentication (2FA) via Email feature enables Standard Reseller Storefront administrators to offer their Storefront users an extra layer of user-friendly protection during login, enhancing the security of the platform and the privacy of the accounts. Specifically, with 2FA, a user needs to provide two different identity verification factors to confirm their identity, adding an additional layer of security beyond a password. Therefore, this feature grants users greater autonomy over their authentication preferences, aligning with the need for customizable security measures in your digital systems.


Mandatory Two-Factor Authentication (2FA) in the Storefront After July 02, 2024

Since our goal is to bolster security and protect user accounts by requiring an additional layer of verification during local login, what you need to know is the following:

  • Grace Period For Existing Storefronts of White Label Resellers (Free & Standard): For existing Storefronts of White Label Resellers (Free & Standard), with the 3.28.149 release, 2FA will be enforced on July 02, 2024. This means that there will be no grace period for existing Storefronts.

  • Grace Period for New Storefronts of White Label Resellers (Free & Standard): With the establishment of a new Storefront for White Label Resellers (Free & Standard), the Two Factor Authentication (2FA) is inactive by default and the grace period for setting up and adapting Storefront users to use 2FA begins. The grace period for new Storefronts is 60 days and is calculated as follows: grace period = new organization/Storefront creation date + 60 days

  • Grace Period when Upgrading/Downgrading from a White Label Reseller Free to a Standard (paid) and Vice Versa: In case the White Label Reseller upgrades or downgrades to a Paid Plan or Free Plan during the grace period, the grace period does not change (it does not restart) and the expiration date of the grace period remains the same.

  • Grace Period when Downgrading from a White Label Reseller (Free & Standard) to a Basic Reseller: In the scenario where a Reseller downgrades from being a White Label Reseller (Free & Standard) to a Basic Reseller and then becomes a Standard (Free/Paid) Reseller again through the creation of a subscription, there will not be a new grace period for that specific Reseller. The grace period is only available the first time a Basic Reseller upgrades to a White Label Reseller of the Free or the Standard Edition.

Therefore, before the 02nd of July 2024, Storefront users can continue utilizing their local login credentials without 2FA. However, we strongly encourage everyone to enable 2FA promptly. After the 02nd of July 2024 when the grace period ends, especially for existing Storefronts of White Label Resellers (Free & Standard), the 2FA login mechanism becomes mandatory for all Storefront users.

If an existing or new White Label Reseller (Free & Standard) wants to extend the grace period, they can request it from our Support Team.

🔹 Please, also check the respective enforcement of the Two-Factor Authentication (2FA) in the Storefront for Distributors on the Local Login in Storefront With Two Factor Authentication (2FA) page.

Enabling the 2FA Mechanism


To enable the 2FA mechanism, you have to proceed with the two following actions:

  1. Enable the 2FA mechanism from within the Standard Reseller Admin Panel by navigating to Admin Panel > Settings > Storefront Settings > Settings > Two Factor Authentication (2FA), and activating the respective toggle button, which by default is inactive.

  2. Once you have enabled the 2FA toggle button for the Standard Reseller Storefront, you must also enable the 2FA Email Notification. By navigating to the Admin Panel > Settings > Notifications > Notifications and selecting first the Group Customers and then the Notification ‘Storefront User 2FA Verification Code’, you need to click on the Enable toggle button to enable it because, by default, it is disabled.

Once you have enabled the 2FA mechanism and its respective notification, from your Admin Panel of the Standard Reseller Storefront, you can then proceed to customize, according to your needs and business image, the notification/verification template of the email that will be dispatched to your users each time they log into the Storefront with their credentials. We already assume that the email addresses provided by the Storefront users are real and accessible. This assumption ensures that when the system sends verification codes and notifications via email, users can access these emails once both the 2FA (Two-Factor Authentication) mechanism and the respective Email notification are enabled.

 

Logging into Standard Reseller Storefront with 2FA


The classic login method in the Standard Reseller Storefront platform remains the same, but the 2FA security step enriches it. Specifically, the Standard Reseller Storefront user enters the credentials required for logging in, which include the username and password. When 2FA is enabled, a user logging in with local login credentials then goes through the 2FA authentication procedure.

Once the Standard Reseller Storefront user clicks the login button and passes the existing credentials verification, two actions occur:

  1. A pop-up window opens, requesting the 2FA Verification Code.

  2. An email is dispatched to the email address belonging to the user.

 

Verification Code Pop-up

In the pop-up window that appears, the Standard Reseller Storefront user is requested to enter the six-digit verification code they received in their email. Of course, the email to which the verification code will be sent belongs to the user attempting to log in.

Inside the verification pop-up window, the Standard Reseller Storefront user sees the Verification code field, in which the 6-digit verification code that was dispatched to their email address must be filled in. The code is visible, and the Standard Reseller Storefront user can see it when they enter it. The field cannot accept more than 6 characters and only accepts numbers.

There are two main scenarios concerning the Verification code field:

  • Valid Verification Code: When the active verification code is inserted into the verification field, and the Verify and Log In button is clicked, then the Standard Reseller Storefront user is successfully logged in and is redirected to the Storefront Home Page.

  • Invalid Verification Code: In this scenario, three reasons can invalidate the verification process and are analyzed below:

    • When the Standard Reseller Storefront user leaves the Verification code field blank, and clicks Verify and Log In, the following error message appears:

    • When a code other than the one sent in the email notification is entered and the Verify and Log In button is clicked, the following message appears:

    • When the Standard Reseller Storefront user attempts to enter the verification code after the code has expired, which occurs after 5 minutes, or after 10 attempts, the following message is displayed:

For cases such as the aforementioned one where the verification code is expired, there is an option called Resend in the verification pop-up window that the Standard Reseller Storefront user can interact with. This button is typically used when a Standard Reseller Storefront user needs to resend the verification email that was previously sent, but either it has expired or was not received in time. Please note that to prevent misuse, each verification code is single-use only, meaning that after it has been used, the code becomes invalidated. Lastly, when the Standard Reseller Storefront user clicks the Resend button, an informative message appears that informs the user that a new email has been dispatched.
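
The verification-code rules described above (six numeric digits, expiry after 5 minutes or after 10 attempts, single use, Resend issuing a new code) can be modelled as follows. This is an added example, not the platform's own code; the class name `EmailOtpChallenge`, its result strings, and the choices that a blank submit is not counted as an attempt and that Resend invalidates the previous code are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6              # page: six-digit, numbers only
CODE_TTL_SECONDS = 5 * 60    # page: code expires after 5 minutes
MAX_ATTEMPTS = 10            # page: ... or after 10 attempts


class EmailOtpChallenge:
    """Hypothetical model of one pending 2FA step; not the Storefront's code."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._digest = None      # no active code until issue() is called
        self._expires_at = 0.0
        self._attempts = 0

    def issue(self):
        """Create the code to email (first send or Resend).

        Assumption: issuing a new code replaces, and so invalidates, the old one.
        """
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._digest = hashlib.sha256(code.encode()).digest()  # plaintext is not kept
        self._expires_at = self._clock() + CODE_TTL_SECONDS
        self._attempts = 0
        return code

    def verify(self, submitted):
        """Return 'ok', 'blank', 'incorrect' or 'expired'."""
        if not submitted:
            return "blank"       # assumption: a blank submit is not counted
        if self._digest is None or self._clock() >= self._expires_at:
            self._digest = None
            return "expired"
        self._attempts += 1
        well_formed = (len(submitted) == CODE_DIGITS
                       and submitted.isascii() and submitted.isdigit())
        if well_formed and hmac.compare_digest(
                hashlib.sha256(submitted.encode()).digest(), self._digest):
            self._digest = None  # single use: a verified code cannot be replayed
            return "ok"
        if self._attempts >= MAX_ATTEMPTS:
            self._digest = None  # attempt budget spent: only a new code will work
        return "incorrect"
```

The attempt limit is what keeps a six-digit code from being guessed within its 5-minute lifetime, so the counter is checked on the server side and reset only when a new code is issued.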

 

Verification Email from the 2FA Mechanism


After the user fills in their Standard Reseller Storefront local credentials to log in to the Standard Reseller Storefront, a system-generated email notification is dispatched to the user's predefined email address containing the 2FA verification code.

Info

This notification is located in Admin Panel > Settings > Notifications > Notifications > Customers > Storefront User 2FA Verification Code.

The following email notification template is used:

Concerning the To: {#Contacts.Email#} email field, when the user leaves this field empty, the notification is automatically sent to the {#Contacts.Email#} associated with the account. Otherwise, if a merge field for the recipient is set in the To: field, then the merge field takes precedence.

Of course, the Standard Reseller administrator(s) can customize the email body to fit their business requirements. Lastly, after any applicable customizations take place on the email body of the notification, the Save button must be clicked; otherwise, these changes will not be applied.

The final 2FA notification email that is dispatched to the email address of the Standard Reseller Storefront user looks like the following example:
