Two-Factor Authentication

Prerequisites

Create User

Go to 'Users' module in Admin Panel.

-Click on 'Create User'. -Enter the required information. -Click on the Two-factor authentication checkbox. -Choose a Two-Factor Authentication interface. -Click on 'save'.

Google Authenticator App

It is an application based on Two-Factor Authentication (2FA) that helps to verify user identities before granting them access to websites and services.

-Go to the Play Store. -Download a Google Authenticator app.

1. Device Enrollment

The first time a user attempts to log in to an account with 2FA enabled or required, they will be presented with a QR code to add the two-factor configuration to their device. They need to scan the QR code from the Google Authenticator or Authy apps and enter the verification code.

Google Authentication

-Enter Email and password on Suitecrm's login page. -Scan the QR(Through the authenticator app). -Enter the code. -Click on submit. -You will be redirected to the user’s account.

Email Interface

Two-factor authentication is a proven way of securing Logins, adopted by all the leading software providers. SuiteCRM's 2FA enables you to stay in line with all the other major companies that implemented the same way for additional protection.

Enter the Email and password.

The secret key is sent to your given email address.

If the login user does not have an email given in to their profile, Then the user needs to provide the email first so that verification code can be sent to that email id.

3. Reset device

When the reset button is clicked, a reset email is sent to the registered email address that was given while creating a user.

Clicking on the link given in the email will redirect you to the login screen. Enter the username and password there. It will redirect you to the device registration screen where you can scan the bar-code.

4. Remember Me

'Remember Me' feature has been introduced to reduce the amount of 2FA prompts presented to the end-user. 'Remember Me' functions by using a cookie to identify the device/browser being utilized by the end-user. This feature retains security by forcing the end-user to mark the device as trusted after successfully validating 2FA. It will work for both Interfaces Google Authentication and Email Interface.

If the user has lost the devices or browsers are not secure/trusted anymore, the user can remove the devices from the user's profile.

After removing the device information from the profile, the user has to again follow 2FA process for the particular device

Important Note

Users will still be forced to do full 2FA if they are using an Incognito/InPrivate window OR if they clear the cookies from the browser.