Configure Two-Factor Authentication (2FA) for Admin

Why do you need to configure Two-Factor Authentication (2FA) for Admin?

When you consider authentication, the admin is the first person who needs to be authenticated, because the admin handles the data of multiple users. The security of the users, as well as of the admin, therefore depends on the admin. The basic traditional authentication method (username and password) does not keep up with the fast-paced vulnerabilities in the cyber world. To protect admin systems from such vulnerabilities, miniOrange helps you set an additional authentication method that adds an extra layer of security when logging in to your admin system. This is done by configuring a two-factor authentication (2FA) method.

You can set 2FA methods differently for admin and users. Configuring 2FA for the admin gives the admin system higher security. miniOrange helps you integrate 2FA into your admin system easily, with 15+ 2FA methods. You can choose any of the methods (KBA, OTP over SMS/email, Google Authenticator, YubiKey, push notifications, Out of Band, etc.) to secure your admin system. Below is the guide to set up two-factor authentication for admin, with multiple demonstrations.

Setup 2FA for admin

  • Log in to the miniOrange Admin Console.
  • From the left navigation bar of your admin dashboard, select "2-Factor Authentication", then click on Configure 2FA.
  • Select the method that you would like to set or change as your 2FA method.
  • Once you select an option, you can customize its settings as required.

1. KBA (Security Questions)

    In this 2FA method, the user authenticates by answering knowledge-based security questions, plus one customised question, whose answers are known only to the user.

  • Click on Security Questions.
  • Select 2 questions and answer them, then write a customized question and answer it.
  • Click on save.
  • You will see that your 2FA method is active now, indicated by the green Reconfigure tab.
  • Enable the second factor checkbox and click on save.
  • To confirm that 2FA has been activated, sign out and sign in again.
  • After entering your username and password, you will be redirected to the identity verification page.
  • Answer your KBA question and click on verify.
  • You will see your admin dashboard.
  • In this way you have successfully configured KBA as your 2FA method.
  • Similarly you can configure other methods also.

2. OTP over SMS Method

    In this 2FA (Two-Factor Authentication) method, the user receives an OTP over SMS containing a 6-8 digit numeric key. Follow the steps below to enable it in your (admin) plugin for end users' security.

  • Click on OTP over SMS in Configure 2FA tab to configure this method.
  • Add the mobile number on which you want to receive the OTP.
  • Then click on save.
  • The Reconfigure tab of the OTP over SMS method turns green, which means it is active.
  • Enable second factor if not done before.
  • Then click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Enter the OTP received on the phone and click on verify.
  • If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.

3. Out of Band SMS method

    In this 2FA method, the user is sent a message with an Accept or Deny link.

  • Click on Out of Band SMS in Configure 2FA tab to implement this method.
  • Add your phone number in the Phone field to receive the Accept or Deny link.
  • Then click on save.
  • As in the above method, the Reconfigure tab turns green, which means the method has been successfully activated.
  • Now Enable second factor if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Click on the Accept or Deny link that you have received on your phone.
  • On clicking the Accept link you will be able to see your dashboard, which means you have successfully configured the Out of Band SMS method.

4. Mobile Authentication (QR)

    In Mobile Authentication, the user needs to scan the barcode from their mobile using the miniOrange Authenticator app to proceed.

  • Click on MOBILE AUTHENTICATION in Configure 2FA tab to activate this method.
  • To set up this method you need the miniOrange Authenticator app installed on your smartphone. The download link is given in step 1 on the above page.
  • Here you will see 3 different methods to install.
  • Choose any one of them.
  • After installing the app, scan the QR code to register your device.
  • Then click on save.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Scan the QR code with the miniOrange Authenticator app to test this authentication method.
  • If you are redirected to your dashboard, you have successfully configured MOBILE AUTHENTICATION 2FA method.

5. PUSH NOTIFICATIONS method

    With PUSH Notifications, the user receives a push notification on their mobile, which they need to ACCEPT | DENY.

  • First, click on the "2-Factor Authentication" tab in the left panel of your screen.
  • Click on PUSH NOTIFICATIONS in Configure 2FA tab to enable this method.
  • To set up this method you need the miniOrange Authenticator app installed on your smartphone. The download link is given in step 1 on the above page.
  • Here you will see 3 different methods to install.
  • Choose any one of them.
  • After installing the app, scan the QR code to register your device.
  • Then click on save.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • You will receive a push notification on the configured phone.
  • Click on the Accept/Deny button to verify.
  • If you click on Accept and are redirected to your dashboard, you have successfully configured the PUSH NOTIFICATIONS method.

6. SOFT TOKEN method

    A Soft Token is a two-factor authentication security component used to authorize the end user. In this method, the user needs to enter the 6-8 digit numeric key from their mobile.

  • Click on SOFT TOKEN in Configure 2FA tab to configure this method.
  • To set up this method you need the miniOrange Authenticator app installed on your smartphone. The download link is given in step 1 on the above page.
  • Here you will see 3 different methods to install.
  • Choose any one of them.
  • After installing the app, scan the QR code to register your device.
  • Then click on save.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Enter the 6-digit code generated in your registered miniOrange Authenticator app.
  • Then click on verify.
  • If you are redirected to your dashboard, you have successfully configured SOFT TOKEN 2FA method.

7. OTP Over EMAIL method

    In the "OTP Over Email" 2FA method, the user receives an email containing a 6-8 digit numeric key, which they need to enter to use the services granted to them.

  • Click on OTP OVER EMAIL in Configure 2FA tab to enable this method.
  • Here you only need to click on Save, since the email ID specified is the one you registered with.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Enter the OTP received on the email address specified and click on Verify OTP.
  • If you click on verify and are redirected to your dashboard, you have successfully configured the OTP over Email method.

8. OUT OF BAND EMAIL method

    In the "OUT OF BAND EMAIL" 2FA method, the user receives an email with a link, which they need to click to accept|deny the transaction.

  • Click on OUT OF BAND EMAIL in Configure 2FA tab to activate this method.
  • Here you only need to click on Save, since the email ID specified is the one you registered with.
  • Then click on save.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before.
  • Then click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • You will receive an email, at the email address specified above, with an Accept or Deny link.
  • If you click on the Accept link and are redirected to your dashboard, you have successfully configured OUT OF BAND EMAIL.

9. Google Authenticator

    In this method, the user needs to enter the 6-digit passcode generated by the Google Authenticator app.

  • Click on GOOGLE AUTHENTICATOR in Configure 2FA tab to configure this method.
  • To set up this method, first install the Google Authenticator app by clicking on the link in step 1.
  • Here you will see 3 different methods to install.
  • Choose any one of them.
  • After installing the Google Authenticator app, register your device by scanning the QR code in the app.
  • Then Click on save.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before.
  • Then click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Enter the 6-digit code from your Google Authenticator app.
  • And then click on verify.
  • If you are redirected to your dashboard it means you have successfully configured GOOGLE AUTHENTICATOR 2FA method.

10. YUBIKEY hardware Token

    "YUBIKEY hardware Token" is a 2FA verification method in which the user connects a USB device to their computer, which generates a token in the form of an alphabetic key. This process works with a combination of an OTP and hardware tokens.

  • Click on YUBIKEY Hardware Token in Configure 2FA tab to enable this method.
  • First, connect the YubiKey hardware through the USB port.
  • Click on the Enter OTP tab.
  • Now hold the hardware token; the OTP will be added to this field automatically.
  • You will then be redirected to the Configure 2FA field.
  • The Reconfigure tab for this method turns green, which means it is now active.
  • Next, enable the second factor if not done before.
  • Then click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the identity verification page.
  • Select the Enter OTP field.
  • Press the hardware token to get the key automatically.
  • If redirected to your dashboard it means you have successfully configured Yubikey Hardware Token 2FA method.

11. Microsoft Authenticator

    In this method, the user needs to enter the 6-digit passcode generated by the Microsoft Authenticator app.

  • Click on Microsoft Authenticator in Configure 2FA tab to configure this method.
  • To configure this method, first install the Microsoft Authenticator app by clicking on the link in step 1.
  • After installing the application, it will ask you to add an account. Select the type of your account (Google, Personal account).
  • Register your device by scanning the QR code in the Microsoft Authenticator app.
    (If you don't want to scan the QR code, you can enter the Secret Key manually.)
  • Once you register your device, the app will start showing a one-time password code (the code changes every 30 seconds).
  • Enter the one-time password code and click on the Save button.
  • You can see the message "Your configurations have been saved successfully" in green.
  • Now Enable second factor toggle if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the 2-Factor Authentication page.
  • Enter the 6-digit code from your Microsoft Authenticator app.
  • And then click on verify.
  • If you are redirected to your dashboard it means you have successfully configured Microsoft Authenticator 2FA method.

12. OTP over SMS and EMAIL

    In the "OTP Over SMS and Email" 2FA method, the user receives a 6-8 digit numeric OTP via both email and SMS. The user needs to enter this OTP to use the services granted to them.

  • Click on OTP over SMS and EMAIL in Configure 2FA tab to configure this method.
  • Add the mobile number and email on which you want to receive the OTP.
  • Then click on save.
  • You can see the message "Your configurations have been saved successfully" in green.
  • Now Enable second factor toggle if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the 2-Factor Authentication page.
  • You will now receive the OTP via both SMS and email. Enter the OTP received and click on the Verify button.
  • If you are redirected to your dashboard it means you have successfully configured OTP over SMS and EMAIL 2FA method.

13. Phone verification

    In the "Phone Verification" 2FA method, the user receives a call that reads out a 4-8 digit numeric key, which the user needs to enter to authenticate and use the services granted to them.

  • Click on Phone verification in Configure 2FA tab to configure this method.
  • Add the mobile number on which you want to receive the OTP via call.
  • Then click on save.
  • You can see the message "Your configurations have been saved successfully" in green.
  • Now Enable second factor toggle if not done before and click on save.
  • To verify the second factor, sign out and sign in again.
  • You will be asked for your username and password, and then redirected to the 2-Factor Authentication page.
  • You will now receive the OTP via phone call. Enter the OTP and click on the Verify button.
  • If you are redirected to your dashboard it means you have successfully configured Phone Verification 2FA method.