Overview
Previously in NC8 the Google Authenticator option was only possible as part of a script being added as part of the install. However, in NCX, this has changed where the Google 2FA is now been implemented directly into the code, offering a quick, free and simple way to securely lockdown the access to the NetConnect environment.
Pre – Requisites
• A configured AD stage
• Google Authenticator App
How to Config the 2FA
The Google Authenticator can be used as the 2nd stage of authentication for the NetConnect environment. The process would involve a user passing the AD stage using their standard domain credentials and then being prompted to enter the code that appears on the Google Authenticator App. Note, this code refreshed every 30 seconds.
Please note to configure this stage, you must already have a AD stage config stage setup already, so if you don’t already have this, you can find the information out here
To configure the stage, follow the below steps;
1) Login to the admin portal and navigate Authentication > Authentication Stages
2) Select the Create option and then the MFA option.
3) Enter the following details;
• Authentication Stage Name = Name of the authentication that will appear in the Admin portal
• Authentication Stage Description = The text that you wish to appear above the password prompt for the second stage. An example would be “Please enter the code located within the Google Auth App”. Please note this field is limited to 140 Characters
• Authenticator ID = Name that appears above the code within the Google Authenticator app, such as the name of your NetConnect environment.
After the information has been entered, select the Create button, followed by Set as Active. There should now be 2 stages set to active as shown below;
Logging into the App using 2FA
Now that the 2FA stage has been successfully configured, the next time the user tries to authenticate with the environment, they will be presented with the code that needs to be scanned into the app. Please note the Master Admin account is not affected by the 2FA and will not require a code to be able to authenticate.
Once this code has been scanned and added to the app, select the OK option to be prompted with the password field, which is where the code should be entered. Its also here the Stage description will be shown as well
After entering the credentials correctly, the user will have successfully authenticated and will be placed on their WebTop.
If the user loses their code
If the user loses their code they will no longer be able to authenticate to the environment and therefore will need the code reset.
To reset the code, navigate to Applications & Users > Users. Any user that has authenticated to this environment by 2FA will now have a key symbol next to their name. To reset a code for a particular user, simply select this icon and it will delete the current key, and the next time the user logs in, they will be presented with the code again.
Please also note that if a backup to the environment is restored, all 2FA users that were previously using the 2FA authentication will continue to use the same code.
