Voci con l'etichetta :
Chiudi
Changelog
Chiudi

How to use two-factor authentication on portals?

Introduction

Wish to protect the data stored on your portal and prevent any unauthorized access? Then make use of an extra security level enabling the two-factor authentication. In this case if someone decides to hack into your ONLYOFFICE account even having your password he will need your phone to access it. This guide will explain how it works and how to enable this option.

For the SaaS version, the two-factor authentication with SMS is enabled by default when creating a new portal. The default SMS provider is selected depending on the portal region: smsc is used for CIS, Twilio is used for all other regions. You can add other available SMS providers later in the Settings -> Integration -> Third-Party Services section.

If you are using the server version, you first need to connect at least one SMS provider in the Settings -> Integration -> Third-Party Services section so that you can enable the Two-factor authentication option.

It's also possible to enable the two-step verification with authenticator apps.

To enable the two-factor authentication you must be the portal owner or full access administrator.

Connect an SMS provider to your portal

To connect an SMS provider,

  1. Enter your portal.
  2. Click the Settings Icon icon at the top of the page or open the Choose drop-down list next to your portal logo and choose the Apps option.
  3. Go to the Integration section and open the Third-Party Services page.
    How to use two-factor authentication on portals? How to use two-factor authentication on portals?
  4. In the list of third-party services, click the switcher next to Clickatell, smsc, or Twilio to open the window that contains integration settings for this service.
  5. Now you need to specify the keys used to integrate the selected service with your portal. To obtain these keys follow the corresponding instructions:
    You can add more than one SMS provider. The SMS provider used on your portal is selected depending on the portal region: smsc is used for CIS, Clickatell and Twilio are used for all other regions.
  6. Once you paste the necessary keys to the corresponding fields, click the Enable button to save the settings.
How to use two-factor authentication on portals? How to use two-factor authentication on portals?

When the SMS provider is added, you can proceed to the next step.

SMS messages can be sent if you have a positive balance only. You can always check your current balance in your SMS provider account. Do not forget to replenish your balance in good time.

Enable the two-factor authentication

To set up the two-factor authentication,

  1. In the portal settings, go to the Security section and open the Portal access page.
  2. Go to the Two-factor authentication section and
    • click the By SMS radiobutton to use the SMS verification, or
    • click the By authenticator app radiobutton to use an authenticator app.
  3. Click the Save button below the Two-factor authentication section.
How to use two-factor authentication on portals? How to use two-factor authentication on portals?

That's all. The two-factor authentication is enabled.

Access your online office account using SMS verification

When the two-factor authentication with SMS is enabled, the sign-in to the online office account process will work a little bit differently and include two steps:

  • Step 1 - Enter your credentials: email and password as usual.
  • Step 2 - Enter a six-digit verification code received via SMS.
The sent code is valid for 10 minutes. To resend a verification code, use the Send code again button, but no more often than 5 times per 5 minutes.

When you access your online office account for the first time after enabling the two-factor authentication, you will need to perform one more step: Specify the phone number you wish the SMS to be sent at. If necessary, you will be able to change it later at any moment on your profile page.

How to use two-factor authentication on portals? How to use two-factor authentication on portals?

To make the sign-in process more simple, your online office offers the possibility to remember that a particular browser was already successfully used for the two-factor authentication. So when you access your account for the second time using the same browser, it will ask you for your email and password only. But if you or someone else try to access your account from any other computer or browser, the verification code will be required. So your account will still be protected. The verification code will be also required when the two-factor authentication cookie has expired or if you decide to delete cookies from your browser.

Access your online office account using an authenticator app

When the two-factor authentication with an authenticator app is enabled, the sign-in to the online office account process will work a little bit differently and include two steps:

  • Step 1 - Enter your credentials: email and password as usual.
  • Step 2 - Enter a six-digit verification code or a backup code generated by the authenticator app.

To access the portal for the first time after enabling the two-factor authentication:

  1. Enter your regular credentials to access the portal. The QR code and your secret key are displayed at your portal login confirmation page.
    How to use two-factor authentication on portals? How to use two-factor authentication on portals?
  2. Install an authenticator app on your mobile device. You can use Google Authenticator for Android and iOS or Authenticator for Windows Phone.
  3. Open the authenticator app on your mobile device and configure it in one of the following ways:
    • Scan the QR code displayed in the browser, or
    • Manually enter your secret key displayed in the browser,
  4. At your portal login confirmation page, enter a 6-digit code generated by your application,
  5. Click the Connect app button.

Then you will be redirected to your profile page where the backup codes will be displayed in a new window. You can use the backup codes when you don't have access to your mobile device. Print the backup codes clicking the corresponding button and use them when necessary. To get new codes you can use the Request new button. Only codes which was generated last are valid. It's also possible to connect a new authenticator app using the corresponding link at your profile page.

When you access your account for the next time, you will be asked you for your email and password as well as for a verification code. You can use either a code generated by the application or a backup code.

How to become a ONLYOFFICE translator?
Chiudi
Try now for free Try and make your decision No need to install anything
to see all the features in action
Ti potrebbe essere d'aiuto anche...
Chiudi