Versions Compared

Old Version 1

changes.mady.by.user Documenter

Saved on

compared with

New Version 2

changes.mady.by.user Documenter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview
 

Info

At present, two-factor authentication is not applied globally to all Users but is optionally set up for Users. 

Excerpt
hiddentrue

As an extra layer of security, two-factor authentication has been implemented for CMS User loginlogins. If set up , this means that for a User is , they are required to enter their password and verify the login through an additional application such as Google Authenticator or Duotheir login by entering a PIN (passcode) generated by an authenticator app

As an extra layer of security, two-factor authentication has been implemented is now available for CMS . It is designed to ensure that the User logging into the CMS is the person who owns that account. When set upUser logins. When it is active, a User is required to enter their password and verify the login through an additional application a PIN generated by an authenticator app such as Authy, Microsoft Authenticator or Google Authenticator or Duo.   on another device such as their smartphone. This two step procedure is designed to ensure that the person logging into the CMS is the owner of that account.    

Info
  • Two-factor authentication is currently an option CMS Administrators can force (turn on) for individual CMS Users or it can be self-added by the User. 
  • A User must have an authenticating device, e.g., a smartphone and an Authenticator app installed on it.

What two-factor authentication means for CMS login procedures

Table of Contents
minLevel3

User logins

Initial setup when forced

When two-factor authentication

...

has been set

...

as mandatory for a User

...

by the Administrator, they will be asked to set up the two-factor authentication when they next attempt to login.

  1. At the CMS login screen, User enters enter your Username and Password. 
  2. Depending on the authentication method in place, the User accesses their device to retrieve a pin that must be entered or approves the login through an app. 


  4. Instead of being logged in, the Authentication popup displays. 
    Image Added
  5. Open the Authenticator app on your authentication device.

  6. Either scan the QR Code or manually enter the Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected when options are given.

  7. The Authenticator app generates a PIN that expires in a set amount of time. Enter this PIN in the Authentication popup.

  8. , Click Verify and Login. If the PIN is valid and has not expired, login will be successful. The Authenticator app saves the authentication account for future CMS logins.
Anchor
UserSetup
UserSetup
Initial setup when User-added

A User can optionally add two-factor authentication to their CMS login. To set up the process, they must be logged in to CMS.

  1. In CMS, hover over the Person IconImage Added icon on the top right corner of the screen.

  2. Select Manage Account.

  3. Click the Two-Factor Authentication Setup button.  
    Image Added
  4. Using the authentication device, open the authenticator app and either scan the QR Code or manually enter the generated Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if options are given.
    Image Added

  5. The Authentication app generates a PIN. Enter this PIN in Verify Setup by Entering Authenticator App PIN.

  6. Click Verify and Save. Authentication is complete. 
Subsequent logins

Once a User has set up their two-factor authentication with the initial login, the Authenticator app saves the authentication account for CMS login. At the next login, the User just has to go to the CMS login account in the Authentication app to retrieve the current PIN. This PIN is required after the User enters their Username and Password. 

Image Added 

Failed logins

  • After five failed attempts, the User will be locked out for an hour.  

Password changes

  • A password Password change by the User must be authorised by entering the current generated PIN... entering the current pin in their setup authenticator application

Authenticator reset

  • User reset: An

To change their password,

  1. While logged into CMS, the User selects Manage Account (top right corner of the screen).
  2. In the 'Change Password' screen, they enter the required the Current/New Password details as well as the current generated PIN from their Authenticator app.
    Image Added 

Authenticator resets

Reset by User

A logged in authenticated User can reset their

...

authentication.

...

For example, a User may wish to change to another Authenticator app. Once the new setup is completed, it will automatically replace the old

...

one. To reset authentication, just follow the steps for a User-added Setup.  

Loss of authenticator application

...

or access

If the authenticator application is no longer available, e.g., the device is lost, the User must contact Commerce Vision and ask for an account reset. Their CMS User account will be reset to allow the User to set up two-factor authentication again

...

when they next attempt to login (if

...

Set User-level two-factor authentication

...

two-factor authentication has been set as mandatory by the CMS Administrator) or by the User accessing the Two-factor Authentication feature once they are logged in with their Username and Password. (See Reset by User.)


Force two-factor authentication 

CMS Administrators can force two-factor authentication on Users. This must be set for each CMS User individually. 


Related help

Content by Label
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
excludeCurrenttrue
cqllabel = "user-cms" and type = "page" and space = "KB"
labelshow-to cms