In Affino, users and your internal staff users can use Two-Factor Authentication when they log in from an unrecognised device.
This minimises the risk of granting non-authorised users or hackers access, both to the back-end and to front-end user accounts.
Affino’s 2FA allows you to define which security groups can use 2FA.
Once a user has confirmed their code, Affino will store the device against their record as a saved device and they no longer need to request a code.
However, users have the option not to save the device, for example when they are logging in from a public device.
This guide will show you how to set up 2FA.
Control > Security > Login Profiles > (Add/Edit) > Two-Factor Authentication
The Two-Factor Authentication panel on the Login Profile allows you to enable 2FA and to choose whether to use Email and/or SMS as the preferred verification method.
Fields:
Control > Settings > SMS Provider Profiles > Add
If you enabled ‘Use SMS Two-Factor Authentication’ on the Login Profile, then you will need to set up an SMS Provider Profile.
Without that profile set up, users will not be able to receive the SMS and code required for their authentication.
Note: only TXT Local is currently supported as the SMS Provider.
Fields:
You can generate the API Key from the (Settings > API Keys) screen on the TXT Local dashboard.
Click on Create New Key:
Leave blank and Save New Key:
Copy and paste the newly created API Key to the API Key field in the profile:
My Account > Security > Two-Factor Authentication + Mobile Verification
When a user navigates to their My Account page they will see the Security option.
Clicking on the Security link will display the Two-Factor Authentication and Mobile Verification options.
This screen lets users manage whether they want to use the 2FA tool. It is only visible if 2FA is enabled on the Login Profile.
Users can also verify their mobile phone if they wish to use 2FA via SMS.
After a user clicks on Verify, an SMS message will be sent.
The code is input and the Verify Code button is clicked:
The user now has their mobile number verified:
Users can also delete the number by clicking on the ‘Remove Number’ option:
Note: this screen will only be available to the users set in the ‘Security Groups’ option on the Login Profile.
Once a user enables 2FA on the (My Account > Security) page, they will be shown a Two-Step Authentication screen when they try to log in.
Either one screen or both (Email Two-Factor Authentication / SMS Two-Factor Authentication) will be displayed, based on the selection made on the Login Profile and the user’s choice on the (My Account > Security) page.
Once they select an option, the code input screen will be shown:
When the correct code is input, the success screen is displayed:
- and the user is redirected to the site.
Control > Security > User Security > Audit
When a user has verified their mobile number via SMS and their device via email, two new data points will be displayed on the Audit panel within the User Security detail screen:
When a user has successfully logged in, Affino will save the browser string and date as a Saved Device.
Affino also lists the saved device per contact when they use the Two-Factor Authentication to log in.
The browser string and date are stored on the Saved Devices panel:
Control > Security > Login Profiles > (Add/Edit) > Two-Factor Authentication > Enforce Security Group
If a user is part of the Enforce Security Group, the next time they log in they will be redirected to the (My Account > Security) screen:
When they log out and log back in again, the Two-Step Authentication screen will be displayed to the user:
In essence, the users set in the Enforce Security Group are obligated to use 2FA.
Control > Promote > Conversion Events
There are 2 Conversion Events that can track which users have successfully verified their mobile and their login using 2FA.
1.- Two-Factor Mobile Verification Successful
2.- Two-Factor Authentication Successful
Both Conversion Events will trigger when the codes are accepted on the display side.
© Affino 2024