As of the October 2020 release, the Meridix Platform supports two-factor authentication through e-mail (SMTP), OTP (authenticator apps such as Microsoft Authenticator or Google Authenticator), or SMS, sent either through Twilio (an SMS SaaS vendor) or through an SMPP server.
The following providers are available: otp, twilio, smpp and email. Configuration is done through the standard property provider system. 2FA can be configured at the system, reseller, or customer level, but not at the user level.
The system can, and should, have at least two providers set, although this is not required. To disable 2FA completely, do not set any providers at all.
Property key | Valid values (bold=default) | Description |
---|---|---|
security.two_factor_authentication_required | true \| false | Whether the system should enforce two-factor authentication at the system/reseller/customer level. |
security.two_factor_authentication_scope | none \| all \| admin \| system \| system-admin | For whom the system should enforce two-factor authentication. Options: all \| admin \| system. Only used when [security.two_factor_authentication_required] is set to true. |
security.two_factor_authentication_provider_types | email\|otp\|twilio\|smpp | The enabled two-factor authentication provider types, delimited by \|. Options: twilio (SMS), email (SMTP). Note that the order is important, i.e. if both twilio and smpp are configured, the first one will be used for SMS. |
security.two_factor_authentication_valid_for_minutes | -1 \| integer | The time between two-factor authentication requests, i.e. if the user has logged in within the last X minutes, the 2FA step is skipped. |
Configuration example
<!-- For whom the system should enforce two-factor authentication. Options: all | admin | system | system-admin -->
<add key="security.two_factor_authentication_scope" value="all" />
<!-- The two-factor authentication provider type. Options: twilio (SMS), email (SMTP) -->
<add key="security.two_factor_authentication_provider_types" value="email" />
<!-- The time between two-factor authentication requests, i.e. if the user has logged in within the last X minutes, the 2FA step is skipped. -1 will force 2FA on every login -->
<add key="security.two_factor_authentication_valid_for_minutes" value="-1" />
Providers
twilio
A provider for sending SMS using Twilio. Requires a Twilio account. The required properties for the twilio provider are listed below.
<add key="twilio.account_sid" value="AC089df37bc21bd4f6d************"/>
<add key="twilio.from_number" value="+12183*******"/>
<add key="twilio.token" value="3781c88e7e1989a799********"/>
email
A provider for sending e-mails using the standard SMTP service in Meridix. No additional properties are needed other than the standard SMTP configuration.
smpp
A provider for sending SMS using an SMPP server (needs to be provided by the customer). The required properties for the smpp provider are listed below.
<add key="smpp.host" value="host or IP" />
<add key="smpp.system_id" value="system-id-here" />
<add key="smpp.password" value="password-here" />
<add key="smpp.port" value="port-here" />
<add key="smpp.system_typ" value="system-type-here" />
<add key="smpp.default_service_type" value="default-service-type-here" />
<add key="smpp.source_phone_number" value="source-number-here" />
<add key="smpp.remove_country_code" value="true|false" />
Some SMPP servers do not support country code prefixes in phone numbers; set smpp.remove_country_code to true to support such scenarios.
To configure SMPP in general, we need the host IP, password, port, and source phone number.
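The rules above can be checked before a configuration is deployed. The following Python audit is an added example, not part of the Meridix documentation or product: it reads a block of these properties and reports a disabled or single-provider setup, missing provider properties, an unused scope, a 2FA skip window, and which provider will actually send SMS. The `<appSettings>` wrapper element, the sample values and the function name `audit_2fa` are assumptions.

```python
import xml.etree.ElementTree as ET

P = "security.two_factor_authentication_"
KNOWN = {"email", "otp", "twilio", "smpp"}
SMS = ("twilio", "smpp")
# Per-provider properties named on this page (SMPP: the four from its last sentence).
REQUIRED = {
    "twilio": ["twilio.account_sid", "twilio.from_number", "twilio.token"],
    "smpp": ["smpp.host", "smpp.password", "smpp.port", "smpp.source_phone_number"],
}
# Constructed sample; the <appSettings> wrapper and all values are assumptions.
SAMPLE = """<appSettings>
  <add key="security.two_factor_authentication_required" value="false" />
  <add key="security.two_factor_authentication_scope" value="admin" />
  <add key="security.two_factor_authentication_provider_types" value="smpp|twilio" />
  <add key="security.two_factor_authentication_valid_for_minutes" value="1440" />
  <add key="twilio.account_sid" value="AC-constructed" />
  <add key="twilio.from_number" value="+10000000000" />
  <add key="twilio.token" value="constructed-token" />
  <add key="smpp.host" value="203.0.113.10" />
  <add key="smpp.port" value="2775" />
</appSettings>"""

def audit_2fa(xml_text):
    """Return (findings, sms_provider) for a block of <add key=... value=...> settings."""
    root = ET.fromstring(xml_text)
    props = {e.get("key"): (e.get("value") or "").strip() for e in root.iter("add")}
    providers = [p.strip() for p in props.get(P + "provider_types", "").split("|") if p.strip()]
    if not providers:
        return ["no providers set: 2FA is disabled"], None
    findings = []
    if len(providers) < 2:
        findings.append("only one provider set; at least two are recommended")
    for p in providers:
        if p not in KNOWN:
            findings.append(f"unknown provider type: {p}")
        findings += [f"{p}: missing property {k}" for k in REQUIRED.get(p, []) if not props.get(k)]
    # Order matters: the first SMS-capable provider in the list handles SMS.
    sms = next((p for p in providers if p in SMS), None)
    if P + "scope" in props and props.get(P + "required", "").lower() != "true":
        findings.append("scope is set but required is not true in this block, so scope is unused")
    minutes = props.get(P + "valid_for_minutes", "-1")  # absent: nothing to report
    try:
        if int(minutes) > 0:
            findings.append(f"2FA step is skipped for {minutes} minutes after a login")
    except ValueError:
        findings.append("valid_for_minutes is not an integer")
    return findings, sms
```

On the constructed sample, the audit reports two missing smpp properties, the unused scope and the 1440-minute skip window, and names smpp as the SMS provider because it is listed before twilio.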