
As an extra layer of security, two-factor authentication has been implemented for CMS User logins. If set up for a User, they are required to enter their password and verify their login by entering a PIN (passcode) generated by an authenticator app. 

As an extra layer of security, two-factor authentication is now available for CMS User logins. When it is active for a User, they are required to enter their password and verify the login through a PIN (passcode) generated by an authenticator app such as Authy, Microsoft Authenticator or Google Authenticator on their personal device. This two-step procedure is designed to ensure that the person logging into the CMS is the owner of that account.

...

There are two ways to activate two-factor authentication for a User. CMS Administrators can turn it on in a CMS User account so the process is mandatory (forced) for that User. Or a User can decide to opt in voluntarily and set it up

...

          

Info

To use two-factor authentication, a User must have the following ready:

  • an authenticating device: this is usually a personal device the User has access to during the login process, e.g., their smartphone, and
  • an authenticator app installed on the device.

There are a number of free third-party authenticator apps available that Users can easily download to their personal devices. Some common ones are Authy, Microsoft Authenticator, and Google Authenticator. NOTE - The authenticating procedure may vary slightly for different apps.

Two-factor authentication and CMS login procedures


...

Initial setup for forced User

When two-factor authentication has been switched on for a User by the Administrator, they will be asked to set up the two-factor authentication when they next attempt to log in. Once the User has successfully set up the procedure, the authenticator app will save the CMS authentication account for future logins. At each subsequent login, they just have to open the app on the same device and nominate the account they are logging into. A PIN will automatically be generated.


Procedure for User: 

  1. At the CMS login screen, enter your Username and Password. 

  2. Instead of being logged in, the Authentication popup displays. 
  3. Open the authenticator app on your authenticating device.

  4. Either scan the QR Code or manually type in the Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if you are asked to select a 'Type of Key' option.

  5. The authenticator app generates a PIN that expires in a set amount of time. Enter this PIN in the Authentication popup.

  6. Click Verify and Login. If the PIN is valid and has not expired, access to CMS will be granted.

Initial setup for Opt-in User

A User can optionally add two-factor authentication to their CMS login process. To set up the process, they must be logged in to CMS.

  1. In the CMS, hover over the Person icon on the top right corner of the screen.

  2. In the menu displayed, select Manage Account.

  3. In the Manage Account screen, click the Two-Factor Authentication Setup button.

  4. In the Setup Two-Factor Authentication screen, you will see a generated 'Manual Entry Key' and a 'QR Code'. On your authenticating device, open the authenticator app and either scan the QR Code or manually type in the generated Manual Entry Key. NOTE - if the 'Manual Entry Key' option is used, ensure 'Time-Based' is selected if you are asked to select a 'Type of Key' option.

  5. The authenticator app generates a PIN. Enter this PIN in Verify Setup by Entering Authenticator App PIN.

  6. Click Verify and Save. If the PIN is valid, setup is successful and authentication is complete. A popup error message will display if the PIN is invalid.

Subsequent logins

Once a User has successfully set up their two-factor authentication with the initial login, the authenticator app saves the authentication account for CMS login. At the next login attempt, the User just has to open the authenticator app to retrieve a valid PIN. This PIN is entered after the Username/Password step.

 

Failed logins

  • The User has five attempts at logging in. After the fifth failed attempt, they will be locked out for an hour.
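
The PIN check and lockout described above, as an added example (not Commerce Vision's code). It assumes the 'Time-Based' key is standard RFC 6238 TOTP with HMAC-SHA1, 6 digits and a 30-second step, which are the usual defaults in the apps named on this page; the `PinGate` class, its replay guard and the sample key are illustrative.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30           # assumed: seconds each PIN stays current
DIGITS = 6          # assumed: PIN length
MAX_ATTEMPTS = 5    # from the page: five attempts at logging in
LOCKOUT = 3600      # from the page: locked out for an hour


def totp(key_b32, now, step=STEP, digits=DIGITS):
    """RFC 6238 PIN for a base32 'Manual Entry Key' at Unix time `now`."""
    cleaned = key_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class PinGate:
    """Hypothetical server-side PIN check with lockout and a replay guard."""

    def __init__(self, key_b32):
        self.key_b32 = key_b32
        self.failures = 0
        self.locked_until = 0
        self.last_step = -1     # added assumption: a PIN is accepted only once

    def verify(self, pin, now):
        if now < self.locked_until:
            return "locked"                     # even a correct PIN is refused
        step_no = int(now) // STEP
        match = hmac.compare_digest(pin.encode(), totp(self.key_b32, now).encode())
        if match and step_no > self.last_step:
            self.failures, self.last_step = 0, step_no
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.failures, self.locked_until = 0, now + LOCKOUT
            return "locked"
        return "invalid"


if __name__ == "__main__":
    key = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"    # constructed key (RFC 6238 test secret)
    gate = PinGate(key)
    print(gate.verify(totp(key, 59), 59), gate.verify(totp(key, 59), 95))
```

The second call shows why the PIN "expires in a set amount of time": the same six digits are rejected once the clock has moved into a later 30-second step.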

Password changes

  • If two-factor authentication is active for the User, a Password change by the User must be authorised by entering a valid PIN.

To change the CMS password,

  1. While logged into CMS, hover over the Person icon on the top right corner of the screen.

  2. In the menu displayed, select Manage Account.

  3. In the 'Change Password' panel, enter the Current/New Password details.

  4. In Two-Factor Authentication Required, enter a valid PIN from the authenticator app.

  5. Click Change Password.

Authentication resets

Reset by User

An authenticated User can reset their authentication when logged in to CMS. For example, a User may wish to change to another authenticator app. To reset authentication, just follow the steps for Initial setup for Opt-in User. Once the procedure is completed, the new authentication will automatically replace the old one.

Loss of authentication account access

If a User's current authentication account is no longer available, e.g., the device is lost, they must contact Commerce Vision and ask for an account reset. Once the current authentication is deleted, the User can set up two-factor authentication again when they next attempt to log in (if two-factor authentication has been set as mandatory by the CMS Administrator) or by accessing the Two-factor Authentication feature once they are logged in with their Username and Password. (See Reset by User.)


Force two-factor authentication on a User

CMS Administrators can make two-factor authentication mandatory for Users. This must be enabled individually for each User in their CMS User account.


To turn on two-factor authentication for a User,

  1. Navigate to CMS Users.

  2. Use the User Search tool to find the User and click Edit.

  3. Scroll down to the Two-Factor Authentication section.

  4. Toggle ON Override Forced Global Two Factor State.

  5. Once Override Forced Global Two Factor State is enabled, the User Specific Override toggle will be displayed. Toggle this ON.

  6. Click Save & Exit.
