Configure Two-Factor authentication for Admin

Why you need to configure Two Factor Authentication (2FA) for Admin?

When you are considering authentication, admin is the first person which needs to be authenticated. The reason behind is admin handles multiple user data. So along with admin(Self) users security is also dependant upon the admin only. The basic tarditonal authentication method (username and passeword) dosen't match the fast paced vulnerabilities going on in the cyber world. So to protect admin systems from such type of vulnerabilities miniOrange helps you to set additional authentication method which will add an extra layer of security while login to your admin system. This is done by configuring two-factor authentication(2FA) method.

You can set 2FA methods differently for admin and users. By configuring 2FA for admin, admin system will head up with higher security. miniOrange helps you to integrate 2FA for your admin system easily with 15+ 2FA methods. You can choose from any of the methods (KBA,OTP over SMS/email,Google authenticator,Yubikey,Push notifications,Out of Band etc) and secure your admin system. Given below is the guide to setup two-factor authentication for admin with multiple demonstrations.

Setup 2FA for admin

Log in to the miniorange Admin Console.
From your admin dashboard in the left navigation bar, select "2- Factor Authentication", click on Configure 2FA.

Select one method that you would like to set or change as 2FA.

As you will select the option you can customize settings according to your way.

1. KBA (Security Questions)

In this 2FA-method, user answers some knowledge-based security questions and customise one question which are only known to him to authenticate himself.

Click on Security Questions.

Here you need to select 2 questions and answer them. And write the customized question and answer it.
Click on save.
You will see that your 2FA method is active now, indicated by the green Reconfigure tab.

Enable the second factor checkbox and click on save.

To confirm whether the 2FA is been activated, sign out and sign in again.
After entering your username and password you will be redirected to the below page:

Answer your KBA question and click on verify.
You will see the admin(your) dashboard.

KBA method for admin successfully configured

In this way you have successfully configured KBA as your 2FA method.
Similarly you can configure other methods also.

2. OTP over SMS Method

In this 2FA(Two Factor Authentication) method, User receives an OTP over SMS containing a 6-8 numeric key. You need to follow the given steps to enable it in your (admin) plugin for end users security.

Click on OTP over SMS in Configure 2FA tab to configure this method.

Now add your mobile number on which you want to receive the OTP.
Then click on save.

As you can see that the Reconfigure tab of OTP over SMS method is turned green, that means it is active.
Enable second factor if not done before.
Then click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:
Enter the OTP received on the phone and click on verify.

If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.

successfully login to miniorange dashboard

3. Out of Band SMS method

In this 2FA method, User is sent a message with accept or deny link.

Click on Out of Band SMS in Configure 2FA tab to implement this method.

Add phone number in the Phone field to get accept or deny link.
Then click on save.

As in the above method the reconfigure tab is turned green that means it has successfully been activated.
Now Enable second factor if not done before and click on save.

enable two-factor authentication for admin

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

Click on Accept or Deny link that you have received on your phone.
On clicking on accept link you will be able see your dashboard which means you have successfully configured Out of BAND SMS method.

4. Mobile Authentication (QR)

The process of Mobile Authentication works such as, a user needs to scan the barcode from his mobile using the miniOrange Authenticator app to proceed.

Click on MOBILE AUTHENTICATION in Configure 2FA tab to activate this method.

To set this method you need miniOrange Authenticator app installed on your smartphone. The link for the same is given in step 1. in above page.

Link to download miniOrange authenticator app

Here you will see 3 different method to install.
Choose any of your choice.
After installation of the app you need to scan the QR code of register your device.
Then click on save.

In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

Scan the QR Code to test this authentication method in miniOrange Authenticator app.
If you are redirected to your dashboard, you have successfully configured MOBILE AUTHENTICATION 2FA method.

5. PUSH NOTIFICATIONS method

The process of PUSH Notifications works as, the user receives a push notifications on his mobile which he needs to ACCEPT | DENY.

Firstly, click on " 2-Factor Authentication" tab in the left panel of your screen.
Click on PUSH NOTIFICATIONS in Configure 2FA tab to enable this method.

To set this method you need miniOrange Authenticator app installed on your smartphone. The link for the same is give in step 1. in above page.

Here you will see 3 different method to install.
Choose any of your choice.
After installation of the app you need to scan the QR code of register your device.
Then click on save.
In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before and click on save.
To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:
You will receive a push notification on the configured phone.
Click on Accept/Deny button to verify.
When you click on accept and if redirected to your dashboard it means you have successfully configured PUSH NOTIFICATIONS method.

6. SOFT TOKEN method

A Soft Token is a piece of a two factor authentication security used to authorize the end user. In this method, User needs to enter the 6-8 numeric key from his mobile.

Click on SOFT TOKEN in Configure 2FA tab to configure this method.

To set this method you need miniOrange Authenticator app installed on your smartphone. The link for the same is give in step 1. in above page.

Download link for miniOrange authenticator app

Here you will see 3 different method to install.
Choose any of your choice.
After installation of the app you need to scan the QR code of register your device.
Then click on save.

In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before and click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

Here you need to enter the 6 digits code generated in your registered miniOrange Authenticator app.
Then click on verify.
If you are redirected to your dashboard, you have successfully configured SOFT TOKEN 2FA method.

7. OTP Over EMAIL method

In "OTP Over Email" 2FA method, User receives an email containing a 6-8 digit numeric key which he needs to enter to use services which are granted to him.

Click on OTP OVER EMAIL in Configure 2FA tab to enable this method.

Here you just have to click on Save since the Email Id specified is the one you have registered from.

In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before and click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

Enter the OTP received on the email address specified and click on Verify OTP.

When you click on verify and if redirected to your dashboard it means you have successfully configured OTP over Email method.

8. OUT OF BAND EMAIL method

In "OUT OF BAND EMAIL" 2FA method, User receives an email with a link which he needs to click to accept|deny the transaction.

Click on OUT OF BAND EMAIL in Configure 2FA tab to activate this method.

configure OUT OF BAND EMAIL 2FA for admin

Here you just have to click on Save since the Email Id specified is the one you have registered from.
Then click on save.

In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before.
Then click on save.

enable 2-factor authentication for admin

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

You will receive an Email on the Email specified in above with Accept or Deny link.
When you click on accept link and if redirected to your dashboard it means you have successfully configured OUT OF BAND EMAIL.

9.Google Authenticator

In this method, User needs to enter 6 digits passcode generated by Google Authenticator app.

Click on GOOGLE AUTHENTICATOR in Configure 2FA tab to configure this method.

configure 2FA GOOGLE AUTHENTICATOR method

For the installation of this method you first need to install the google authenticator app by clicking on the link in step 1.

Here you will see 3 different method to install.
Choose any of your choice.

After installation of google authenticator app, register to device by scanning the QR code in the app.
Then Click on save.

In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before.
Then click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

verify your identity as an admin by submitting OTP

Here you need to enter 6 digits code from your google authenticator app.
And then click on verify.

If you are redirected to your dashboard it means you have successfully configured GOOGLE AUTHENTICATOR 2FA method.

10. YUBIKEY hardware Token

"YUBIKEY hardware Token" is a 2fa verification method, in which a user needs to connect a USB into his computer which generates token in the form of an alphabetic key. This process works with the combination of an OTP & hardware tokens.

Click on YUBIKEY Hardware Token in Configure 2FA tab to enable this method.

select YUBIKEY Hardware Token 2FA method for admin

Firstly, you need to connect the yubikey hardware through the USB port.
Click on the Enter OTP tab.

Now hold the hardware, otp will be automatically added in this field.
And you would be redirected to the configure 2FA field.

YUBIKEY Hardware Token method is activated for 2-Factor Authentication

In the above method the reconfigure tab is turned green that means it is now active.
Next step is to Enable second factor if not done before.
Then click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

verify your identity as an admin to system

Here you need to select the Enter OTP field.

Press the Hardware token to get the key automatically.

If redirected to your dashboard it means you have successfully configured Yubikey Hardware Token 2FA method.

11. Microsoft Authenticator

In this method, User needs to enter 6 digits passcode generated by Microsoft Authenticator app.

Click on Microsoft Authenticator in Configure 2FA tab to configure this method.

select Microsoft AUTHENTICATOR 2FA method

For the configuration, you first need to install the Microsoft authenticator app by clicking on the link in step 1.

After installing application it will ask you to Add account. Select the type of your account (Google, Personal account)
Register your device by scanning the QR code in the Microsoft Authenticator app.
(If you dont want to scan QR code you can enter Secret Key manually).

Scan QR code to register device for authentication

Once you register your device, your app will start showing One-time Password code(code varies in every 30 seconds).
Enter One-time Password code and click on Save button.

Enter passcode generated by Microsoft Authenticator App

You can see the message "Your configurations have been saved successfully" in green.
Now Enable second factor toggle if not done before and click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to 2-Factor Authentication Page
Here you need to enter 6 digits code from your Microsoft authenticator app.
And then click on verify.

Enter OTP generated from Microsoft Authenticator

If you are redirected to your dashboard it means you have successfully configured Microsoft Authenticator 2FA method.

Microsoft 2FA authentication for admin done successfully

12.OTP over SMS and EMAIL

In "OTP Over SMS and Email" 2FA method, User receives 6-8 digit numeric key OTP via EMAIL and SMS both. User need to enter this numeric OTP to use services which are granted to him.

Click on OTP over SMS and EMAIL in Configure 2FA tab to configure this method.

Select otp over email and sms 2FA method

Now add your mobile number and email on which you want to receive the OTP.
Then click on save.

Add your mobile number and email for OTP

You can see the message "Your configurations have been saved successfully" in green.
Now Enable second factor toggle if not done before and click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to 2-Factor Authentication Page.
Now you will receive OTP via both SMS and EMAIL. Enter the OTP receivedand click on Verify button.

Enter OTP and verify admin authentication

If you are redirected to your dashboard it means you have successfully configured OTP over SMS and EMAIL 2FA method.

13. Phone verification

In "Phone Verification" 2FA method, User receives a call telling a 4-8 digit numeric key which user need to enter to authenticate and use services which are granted to him.

Click on Phone verification in Configure 2FA tab to configure this method.

Select Phone Verification 2FA method for admin system

Now add your mobile number on which you want to receive the OTP via call.
Then click on save.

Enter mobile number to receive OTP via call

You can see the message "Your configurations have been saved successfully" in green.
Now Enable second factor toggle if not done before and click on save.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to 2-Factor Authentication Page
Now you will receive OTP via Phone call. Enter the OTPand click on Verify button.
If you are redirected to your dashboard it means you have successfully configured Phone Verification 2FA method.

Phone verification for admin done successfully

Configure 2FA for admin
KBA (Security Questions)
OTP over SMS Method
Out of Band SMS method
MOBILE Authentication(QR code)
PUSH NOTIFICATIONS method
SOFT TOKEN method
OTP Over EMAIL method
OUT OF BAND EMAIL method
Google Authenticator
YUBIKEY hardware Token
Microsoft Authenticator
OTP over SMS and EMAIL
Phone verification

Configure Two-Factor Authentication (2FA) for Admin