Two Factor Authentication Extension
About
Two-Factor Auth For EasyDCIM introduces an additional security layer to our system by requiring a second factor token to be provided during the authorization process.
Features
- Several Authentication Submodules Available - TOTP And YubiKey Included
- Separate Configuration For Each Submodule
- Enable/Disable Specific Submodules
- Create Your Own Submodules
- Administrator Sessions Management:
  - Verify Login Session Duration
  - Check Last Activity Of Administrator Session
  - Verify Operating System And Web Browser For Given Session
  - Delete Active Administrator Sessions
  - Delete Sessions Exceeding Defined Duration
- Force Two-Factor Authentication On All Staff Members
- Log In Using Backup Code Instead Of Second Factor Token
Supported submodules
- Time-Based One Time Passwords (TOTP)
- YubiKey
Extension configuration
To configure the additional security layer, go to the main view of the Two Factor Authentication extension. The list shows the currently available submodules. To activate a submodule, select the “Edit” option and change the “Enable Module” field to “Yes” in the form.
Then go to the Configuration tab and select the “Enable Two-Factor Auth” option from the bottom bar.
Setting up the “Time-Based One Time Passwords” submodule is simple and involves scanning a QR code with the “Google Authenticator” app on your phone. After clicking “Save Changes”, you will be taken to a form that confirms the configuration. In the form, provide the code currently generated in the “Google Authenticator” application and then save the Backup Code in a safe place. After saving the data, the additional layer of security will be active for the currently logged-in administrator account.
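The enrollment and login checks described above, sketched as an added example; this is not EasyDCIM's code. It assumes the QR code carries a standard otpauth:// URI with an RFC 6238 secret, and the `Enrollment` class, its method names and the single-use backup code are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI of the kind an enrollment QR code carries."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

class Enrollment:  # hypothetical per-administrator second-factor state
    def __init__(self, secret_b32=None):
        self.secret = secret_b32 or base64.b32encode(secrets.token_bytes(20)).decode()
        self.active, self.backup_hash, self.last_step = False, None, -1

    def _check_totp(self, code, now, window=1, step=30):
        for drift in range(-window, window + 1):  # tolerate +/- one step of clock drift
            t = now + drift * step
            if (int(t) // step > self.last_step and  # a time step is never accepted twice
                    hmac.compare_digest(totp(self.secret, t).encode(), code.encode())):
                self.last_step = int(t) // step
                return True
        return False

    def confirm(self, code, now):
        """Activate only after a valid code; hand out the backup code once."""
        if not self._check_totp(code, now):
            return None
        backup = secrets.token_hex(8)
        self.active, self.backup_hash = True, hashlib.sha256(backup.encode()).digest()
        return backup

    def login(self, code, now):
        """Second-factor step: TOTP first, then the backup code (assumed single use)."""
        if not self.active:
            return False
        if self._check_totp(code, now):
            return True
        digest = hashlib.sha256(code.encode()).digest()
        if self.backup_hash and hmac.compare_digest(digest, self.backup_hash):
            self.backup_hash = None
            return True
        return False
```

Only a hash of the backup code is kept server-side, which is why it has to be written down at enrollment time.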
Additional configuration
By default, the module does not enforce an additional security layer for all administrator accounts in the system. To enforce the use of an additional security layer, set the “Force to Use” option to “Yes” in the Configuration tab and then save the changes. With this configuration, each administrator logging into the backend section will be forced to activate an additional security layer.
Disable two factor authentication
To disable the additional security layer feature for a particular administrator, click on the avatar of your account in the upper right corner and then select “Disable Two Factor Authentication.” In the form that will appear on the screen, you need to enter your current administrator account password to verify your information. Note that the additional security layer can be disabled only if the “Force To Use” option has been previously disabled.
Sessions
The “Sessions” section presents the current login sessions for all administrators in the system. Each session can be manually terminated by the administrator using the appropriate “Delete” option available in the table.
The default duration of each administrator login session is 12 hours. To change this value, go to the “Configuration” tab and, in the “Session Lifetime (in hours)” field, specify the required session duration. The minimum session duration is one hour. When the session duration is exceeded, the system will automatically terminate the outdated login sessions.