On this page, we analyze the Two-Factor Authentication (2FA) mechanism, its functionality, and the way you can enable it in your Storefront.
The Two-Factor Authentication (2FA) via Email feature enables Storefront administrators to offer Storefront users an extra, user-friendly layer of protection during login, enhancing the security of the platform and the privacy of the accounts. Specifically, with 2FA, a user needs to provide two different identity verification factors to confirm their identity, adding a layer of security beyond a password. Therefore, this feature grants users greater autonomy over their authentication preferences, aligning with the need for customizable security measures in your digital systems.
Enabling the 2FA Mechanism
To enable the 2FA mechanism, you must contact our Support Team at support@interworks.cloud to request the enablement of the feature.
After you have enabled the 2FA mechanism for your Storefront, your BSS platform, or both, you can customize, according to your needs and business image, the notification/verification template of the email that will be dispatched to your user each time they log into the platform with their credentials. We assume that the email addresses provided by the Storefront users are real and accessible. This assumption ensures that when the system sends verification codes and notifications via email, the user can access these emails once the 2FA (Two-Factor Authentication) mechanism is enabled.
Logging into Storefront with 2FA
The classic login method in the Storefront platform remains the same, but the 2FA security step enriches it. Specifically, the Storefront user enters the credentials required for logging in, which include the username and password. Whether the user has Administrative rights or is a regular user, during the login process with local login credentials, they will go through the 2FA authentication procedure when it is enabled*.
* Single Sign On & 2FA: When the Storefront user has an external Single-Sign-On (SSO) system enabled, such as Azure AD or Azure AD B2C (OIDC) or Google, as their method of authentication, then the process with the 2FA verification does not apply.
Once the Storefront user clicks the login button and passes the existing credentials verification, two actions occur:
- A pop-up window opens, requesting the 2FA Verification Code.
- An email is dispatched to the email address belonging to the user.
Verification Code Pop-up
In the pop-up window that appears, the Storefront user is requested to enter the six-digit verification code they received in their email. Of course, the email to which the verification code will be sent belongs to the user attempting to log in.
For extra security and historical purposes, at this stage, the email of the Storefront user attempting to log in is recorded in the path BSS Setup > Administration > Personal Setup > Profile.
Inside the verification pop-up window, the Storefront user sees the Verification code field, in which the 6-digit verification code that was dispatched to their email address must be filled in. The code is visible, and the Storefront user can see it when they enter it. The field cannot accept more than 6 characters and only accepts numbers.
There are two main scenarios concerning the Verification code field:
- Valid Verification Code: When the active verification code is inserted into the verification field, and the Verify and Log In button is clicked, then the Storefront user is successfully logged in and is redirected to the Storefront Home Page.
- Invalid Verification Code: In this scenario, three reasons can invalidate the verification process; they are analyzed below:
  - When the Storefront user leaves the Verification code field blank and clicks Verify and Log In, the following error message appears: “This field is required.”
  - When a code other than the one sent in the email notification is entered and the Verify and Log In button is clicked, the following message appears: “Invalid Verification Code. Please check your code and try again.”
  - When the Storefront user attempts to enter the verification code after the code has expired, which occurs after 5 minutes**, or after 10 attempts, the following message is displayed: “The verification code has expired. Please use the resend code button to request another verification code.”
** Verification Code Validity Period: To ensure security, verification codes have a limited validity period of five minutes, after which they expire. If the email verification code expires, users must request a new code by selecting the Resend button. Also, after attempting to provide the same verification code more than 10 times, the last generated verification code expires and the user must request a new code by selecting the Resend button.
In cases such as the one above, where the verification code has expired, the verification pop-up window offers an option called Resend. This button is typically used when a Storefront user needs the verification email to be sent again because the previous one has expired or was not received in time. Please note that to prevent misuse, each verification code is single-use only, meaning that after it has been used, the code is invalidated. Lastly, when the Storefront user clicks the Resend button, a message informs the user that a new email has been dispatched.
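The code lifecycle described above (six numeric digits, five-minute validity, expiry after 10 attempts, single use, Resend issuing a fresh code) can be modelled as a small server-side state machine. This is an added sketch, not interworks.cloud's implementation; the class name, method names, and status strings are assumptions chosen for illustration.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 5 * 60   # page: codes expire after five minutes
MAX_ATTEMPTS = 10           # page: the code expires after 10 attempts


class EmailCodeChallenge:
    """One pending 2FA challenge for one login (hypothetical model)."""

    def __init__(self, clock):
        self._clock = clock          # injectable clock so expiry can be tested
        self.issue()

    def issue(self):
        """Create a fresh code; called at login and by the Resend button."""
        # secrets draws from the OS CSPRNG; zero-padding keeps leading zeros.
        self._code = f"{secrets.randbelow(10**6):06d}"
        self._issued_at = self._clock()
        self._attempts = 0
        self._used = False
        return self._code            # goes to the mail sender, never to the browser

    def verify(self, submitted):
        """Return 'ok', 'required', 'invalid' or 'expired'."""
        if not submitted:
            return "required"        # blank field: does not consume an attempt
        expired = (self._used
                   or self._clock() - self._issued_at > CODE_TTL_SECONDS
                   or self._attempts >= MAX_ATTEMPTS)
        if expired:
            return "expired"         # only issue() (Resend) recovers from this
        self._attempts += 1
        # Enforce the input rule server-side too: exactly six ASCII digits.
        well_formed = (len(submitted) == 6 and submitted.isascii()
                       and submitted.isdigit())
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if well_formed and hmac.compare_digest(submitted, self._code):
            self._used = True        # single use: a replay is rejected
            return "ok"
        return "invalid"
```
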
Verification Email from the 2FA Mechanism
After the user fills in their Storefront local credentials to log in to the Storefront, a system-generated email notification is dispatched to the user's predefined email address containing the 2FA verification code.
This notification is located in BSS Setup > Administration > Notifications > Directory > Cloud Platform Verification Code.
The following email notification template is used:
Concerning the To: email field, when the user leaves this field empty, it is configured to automatically send the notification to the address associated with the account, {#Directory.Mail#}. Otherwise, if a merge field for the recipient is set in the To: field, then the merge field takes precedence.
Cc: Empty field
BCC: Empty field
Email Subject: “Cloud Platform verification code”
FullName#},
In order to confirm your identity, please use the following Verification Code:
[6-digit verification code]
This verification code will be valid for the next [#ExpirationMinutes#] minutes.
If you did not make this request, please ignore this email.
Of course, BSS administrators can customize the email body to fit their business requirements.
The final 2FA notification email that is dispatched to the email address of the Storefront user looks like the following example: