Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

On This Page

It is possible to set up the Google Authenticator service to provide your Multi-Factor Authentication for the Hosting Portal. This page explains how the service works and how to set it up for hosting.

What is Google Authenticator?

The following is taken from the Wikipedia Google Authenticator Page:

Google Authenticator is a software-based authenticator that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP; specified in RFC 6238) and HMAC-based One-time Password algorithm (HOTP; specified in RFC 4226), for authenticating users of mobile applications by Google.

When logging into a site supporting Authenticator (including Google services) or using Authenticator-supporting third-party applications such as password managers or file hosting services, Authenticator generates a six- to eight-digit one-time password which users must enter in addition to their usual login details.

Previous versions of the software were open-source but subsequent releases are proprietary.


The main benefits of using Google Authenticator are:

  • Uses the same secure method of creating one time passcodes that we already use for our current two factor.
  • It is completely free for us and the user.
  • No need to wait for an email, SMS, phone call.

The app is available for Android and iOS 

Prerequisites

The Google Authentication method must be added to the TwoFactorMethodConfigurations table and set to enabled. Setting this can only be done on the database. See Matt.G, James or Ian if you need this done.

Adding Google Authentication

There are two ways to allow a user to use Google Authentication.

User Profile - Add authentication to your own account

If available, you can set Google authentication for yourself on your User Profile Page. This can be accessed by mousing over your name in the the top right of the Hosting Portal and then clicking the "My Profile" drop down.

From the "My Profile" page click the "Edit button". This will display your profile details including your available and set authentication methods. Tick the "Google Authenticate" option and then "Save".

You will then be prompted to visit the authenticator settings page

You will notice that the profile page will now have a new button. Click the "Google Authenticate Settings" button.

In your authenticator app add an account and scan the shown QR code.

Enter the code shown into the confirmation box and click "Confirm". You will get a toast notification indicating whether adding the authentication was successful or not.

User management - Add authentication to another user

Note that this requires Pellcomp or Supervisor permissions.

In the "Manage Users" section, edit a user. The "Google Authenticate" option will show if it is available. Tick it to add it.

The next time the user logs in, they will be prompted to set it up using the profile method detailed above.

Removing Google Authentication

This can again be done in the the user profile or the manage users section. Simply un-tick the Google Authenticate option or click the remove authenticator option in the authenticator settings

How to use - The login process

The login process is pretty much the same as normal.

ADFS will ask for your username/password.

You will be prompted to select a two factor method. Note that if Google Authenticate is your only available option AND you have not yet set it up you will be allowed to select email as your two factor method. This will allow you to login so you can setup your authenticator.

For non Pellcomp users, if Google authenticate is your only available option and you have not set it up yet, you will be directed to and limited to the Profile section of the hosting site. A notification instructing the user to setup authentication will be shown.

  • No labels