Configure Two-Factor Authentication (2FA) for Users

Why you need Two-Factor Authentication(2FA)?

Passwords are everywhere, users use them to access their money, do communication etc. At first, we used one password for everything but that wasn’t good enough so we started making our passwords more complicated with a combination of numbers, uppercase/lowercase letters & even special characters. But no matter how complex your password or the password management system is, it is never enough to prevent account takeover because all it takes is one simple phishing email or database breach and your password is out in the world. So, if passwords are impossible to protect, how do you protect your account ?

That’s where two-factor authentication comes in. 2FA adds another method of identity verification in order to secure your accounts. First thing you know – Your username and password. Something unique that you have – Your phone or fingerprint. By combining your username and password with the second method your access becomes more secure and impossible for an attacker to pass it even if they have your password.

Configure 2FA for users


    To Configure two-factor authentication (2FA) for users you need to select one of the method from  "default Authentication methods" section. Authentication methods include OTP over SMS, OTP over email & OTP over both SMS and email. You can choose Authentication methods for your end-users in the following way:

  • Log in to the miniorange Admin Console.
  • Select Configure 2FA for Users from 2-Factor Authentication Tab.
  • Click on 2- Factor Authentication Select configure 2FA (two-factor authentication) for users tab 2fa for users dashboard

Here you can see four main functionalities to configure 2-Factor Authentication for Users:

1.Select Default 2FA Authentication Method for your end-users:

  • In this method, you can select default method for end users.
  • Let's say you want to set OTP over SMS as default method for your end-users.
  • First, you have to click on the checkbox of OTP over SMS.
  • Then click on save.
  • select otp over sms 2fa method for user
  • To verify, the admin has to select the user tab from the left navigation bar.
  • And click on the user list.
  • Go to users tab Click on user list to get user details
  • In this list, you can check for the end-user and the corresponding second factor type.
  • If the default 2FA method set by you is the same as the second factor type over here, then you have configured successfully.verify the user and its 2FA method

2. Select the 2FA methods allowed to be shown to end-users :

  • The admin has a choice to show the end-users all or any combination of 2FA methods.
  • The below screenshot depict that all 2FA methods which are shown to the end-users.
  • 2fa methods shown to endusers
  • Suppose admin choices some other combination then, he/she has to enable and disable the checkbox accordingly.
  • Then click on save.
  • enable multiple 2FA combination shown to users
  • So in the end-user dashboard, he would be just able to see the above enabled methods to set 2FA for himself.

3. Verify 2FA for end-users :

  • Click on Customization at the leftside panel and select Branding Customization.
  • select branding customizations
  • Here you will see Login Page URL for Organization's users.
  • Copy user URL
  • Copy this Login Page URL in browser and enter miniorange credentials. Now you will be redirected towards end-user dashboard.
  • Now from the left panel click on configure 2FA in end-user dashboard.
  • Here you will see the methods you selected for the particular end-user.
  • configure 2FA for users accordingly
  • Now you can configure default method for end users accordingly.

4. Skip Alternate Login Method (KBA) Configuration during Inline Registration.

  • This functionality gives you a choice to ask the KBA questions during inline registration.
  • skip alternate login method to enable 2FA for users
  • If you want to skip this, enable the Skip alternate login method(KBA) tab.
  • Then click on save.
  • enable, skip alternate login method

Related Articles:

  • 2FA for SAML/OAuth Apps
  • What is 2FA/MFA?