The Dstny Analytics platform supports two-factor authentication through the default methods e-mail (SMTP) and OTP (authenticator apps such as Microsoft Authenticator or Google Authenticator). Additionally, SMS through Twilio (twilio, an SMS SaaS vendor) and SMPP (smpp) are supported options.

The configuration is done through the standard property provider system. 2FA can be configured on system, reseller, or customer level, but not on the user level. The system can and should have at least two providers set (not required). To disable 2FA completely, do not set any providers at all.

| Property key | Valid values (bold=default) | Description |
|---|---|---|
| security.two_factor_authentication_required | true \| false | Whether the system should enforce two-factor authentication on system/reseller/customer level. False means all users can optionally set up two-factor authentication from My account. |
| security.two_factor_authentication_scope | none \| all \| admin \| system \| system-admin | For whom the system should enforce two-factor authentication. NOTE: This is only in use when security.two_factor_authentication_required is set to true. Only one of the options can be selected. Options: none = No users; all = All users; admin = All admin users (customer and system level); system = All system level users (reseller managers, system managers and system administrators); system-admin = All system administrators (not reseller managers and system managers). |
| security.two_factor_authentication_provider_types | email\|otp\|twilio\|smpp; empty = no 2FA support | The enabled two-factor authentication provider types, delimited by \|. Options: otp = Use OTP authenticator apps; twilio = Use Twilio's SMS service (see the Providers section below for the required provider-specific configuration); email = Use the default SMTP for sending the 2FA verification code; smpp = SMPP server (see the Providers section below for the required provider-specific configuration). Note that the order is important, i.e. if both twilio and smpp are configured, the first one will be used for SMS. |
| security.two_factor_authentication_valid_for_minutes | -1 \| integer | The time between two-factor authentication requests, i.e. if the user has previously logged in within the last X minutes, the 2FA step is skipped. -1 will force 2FA on every login. |

Configuration example using basic.config

This is a configuration example for applying 2FA on system level. The code is applied in the app settings part of the basic.config file residing in the Meridix Platform (studio) installation folder.

The example below leaves 2FA with email or OTP optional for all users below system administrators, and enforces it for system administrators. There is a grace period of two hours from a login with 2FA until it is needed again, unless the user actively logs out from Meridix Platform. In that case 2FA is needed to log in again.

```xml
<!-- The enabled two factor authentication provider types, delimited by |. Options: email (SMTP), otp (Authenticator apps), twilio (SMS), smpp (SMS) -->
<add key="security.two_factor_authentication_provider_types" value="email|otp" />
<!-- Should the system enforce two factor authentication -->
<add key="security.two_factor_authentication_required" value="true" />
<!-- For whom the system should enforce two factor authentication. Options: none | all | admin | system | system-admin -->
<add key="security.two_factor_authentication_scope" value="system-admin" />
<!--
The time between two factor authentication requests, i.e. if the user has previously logged in within the last X minutes, the 2FA step is skipped.
-1 will force 2FA on every login
-->
<add key="security.two_factor_authentication_valid_for_minutes" value="120" />
```

Providers

twilio

A provider for sending SMS using Twilio (https://www.twilio.com/). Requires a Twilio account that will be used for sending. The required properties for the twilio provider are listed below.

```xml
<add key="twilio.account_sid" value="AC089df37bc21bd4f6d************"/>
<add key="twilio.from_number" value="+12183*******"/>
<add key="twilio.token" value="3781c88e7e1989a799********"/>
```

email

A provider for sending e-mails using the standard SMTP service in Meridix. No additional properties are needed other than the standard SMTP configuration.

smpp

A provider for sending SMS using an SMPP server (needs to be provided by the customer). The required properties for the smpp provider are listed below.

```xml
<add key="smpp.host" value="host or IP" />
<add key="smpp.system_id" value="system-id-here" />
<add key="smpp.password" value="password-here" />
<add key="smpp.port" value="port-here" />
<add key="smpp.system_typ" value="system-type-here" />
<add key="smpp.default_service_type" value="default-service-type-here" />
<add key="smpp.source_phone_number" value="source-number-here" />
<add key="smpp.remove_country_code" value="true|false" />
```

Some SMPP servers do not support country code prefixes in the phone numbers; set smpp.remove_country_code to true to support such scenarios. To configure SMPP in general, we need the host IP, password, port, and source phone number.

Frequently asked questions

Q: For how long is the 2FA code valid?
A: 5 minutes

Q: How many failed attempts are allowed and what happens after that?
A: After three failed attempts, the user is redirected to the login page and needs to provide their password again.
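
A pre-deployment lint for the 2FA settings described on this page, added here as an example (it is not part of the platform or of the original documentation). The function name `lint_2fa`, the `<appSettings>` wrapper element and the sample values are assumptions, and the findings for a single provider and for `required=true` with no providers are this example's reading of the page, not platform behaviour.

```python
import re
import xml.etree.ElementTree as ET

P = "security.two_factor_authentication_"
PROVIDERS = {"email", "otp", "twilio", "smpp"}
SCOPES = {"none", "all", "admin", "system", "system-admin"}
# Keys checked per SMS provider; for smpp, the four the page says are needed "in general".
SMS_KEYS = {
    "twilio": ["twilio.account_sid", "twilio.from_number", "twilio.token"],
    "smpp": ["smpp.host", "smpp.password", "smpp.port", "smpp.source_phone_number"],
}

def lint_2fa(app_settings_xml):
    """Return (findings, effective_sms_provider) for an <appSettings> fragment."""
    root = ET.fromstring(app_settings_xml)
    cfg = {e.get("key"): (e.get("value") or "").strip() for e in root.iter("add")}
    types = [t for t in cfg.get(P + "provider_types", "").split("|") if t]
    findings = [f"unknown provider type '{t}'" for t in types if t not in PROVIDERS]
    known = [t for t in types if t in PROVIDERS]
    if len(known) == 1:
        findings.append("only one provider set; the page recommends at least two")
    # Order matters: the first SMS provider listed is the one used for SMS.
    sms = [t for t in known if t in SMS_KEYS]
    effective = sms[0] if sms else None
    findings += [f"'{t}' is listed after '{effective}' and will not be used" for t in sms[1:]]
    findings += [f"{k} is not set" for k in SMS_KEYS.get(effective, []) if not cfg.get(k)]
    required = cfg.get(P + "required", "")
    if required not in ("true", "false", ""):
        findings.append(f"required must be true or false, got '{required}'")
    if required == "true" and not known:
        findings.append("required=true but no providers set, which disables 2FA")
    scope = cfg.get(P + "scope", "")
    if required == "true" and scope not in SCOPES:  # scope only applies when required=true
        findings.append(f"invalid scope '{scope}'")
    minutes = cfg.get(P + "valid_for_minutes", "")
    if minutes and not re.fullmatch(r"-?\d+", minutes):
        findings.append(f"valid_for_minutes must be an integer, got '{minutes}'")
    return findings, effective

# Constructed sample fragment, not a real installation's basic.config.
SAMPLE = """<appSettings>
  <add key="security.two_factor_authentication_provider_types" value="smpp|twilio|sms" />
  <add key="security.two_factor_authentication_required" value="true" />
  <add key="security.two_factor_authentication_scope" value="sysadmin" />
  <add key="security.two_factor_authentication_valid_for_minutes" value="2h" />
  <add key="smpp.host" value="192.0.2.10" />
</appSettings>"""

if __name__ == "__main__":
    print(*lint_2fa(SAMPLE)[0], sep="\n")
```

Run against the constructed sample, it reports the unknown `sms` type, the shadowed `twilio` entry, the three missing `smpp.*` keys, the invalid scope and the non-integer grace period.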