Two-step Verification

Introduction

2-step verification is a simple and more secure way to protect your accounts. It combines a password (something that you know) with a second factor (something that you own), so it is less vulnerable to attacks.

The most common verification techniques are:

  • A text message with a PIN code sent to your mobile phone
  • An authenticator app that generates an authentication code
  • Yubikey (a hardware device similar to a USB stick)

Bloomreach Engagement currently offers 2-step verification with the Authenticator app and Text message. We plan to support Yubikey soon.

Configuration

To enable 2-step verification for your Bloomreach Engagement accounts, go to Settings > User Settings > Security.


Configuration window

Once 2-step verification is enabled, you will be asked to verify yourself with the chosen method every time you log in. You will also be asked to provide a new token/code from the authenticator app after 30 days or every time your IP address changes.


Login page - 2-step verification

Authenticator app

Install an authenticator app on your mobile device. You can use any authenticator mobile app, but we recommend installing Google Authenticator.

Open the authenticator app and scan the QR code to obtain a 6-digit code, which you need to enter in Bloomreach Engagement. Click "confirm".


Configuration of Authenticator APP

Backup codes

Backup codes are useful if you don't have access to your mobile or Yubikey. When you enable this option, you will obtain 10 codes which you can use to log in. You can use every code only once.


Note that backup codes are not part of 2-step verification. Use backup codes only as a recovery option if you lose access to your devices.

Text message

In User settings -> Security, enable the "Text message" option. When you enable this option, you need to enter your phone number and click "Get code". Once you receive the code, type it into the text area below and click "confirm".


You can add more phone numbers for this verification method. Just click "show" when text message verification is enabled.

Troubleshooting and recommendations

Occasionally, you might encounter problems with your Google Authenticator app. We have put together a few solutions that solve the most common problems.

Sync your Google Authenticator time

Incorrect time synchronization is one of the reasons why your Google Authenticator codes might have stopped working and/or are displaying an error. To resolve this issue, follow these steps:

  1. Open the Google Authenticator app
  2. Navigate to the Menu
  3. Select Settings
  4. Click on Time Correction for Codes
  5. Click Sync Now
    This will automatically correct the time.

Sync your phone's time

Whether you are using Android or iOS, you will need to navigate into the settings, look for Date & Time, and toggle both automatic time and timezone on.

Use backup codes

As described above, it is always good to generate your backup codes and store them securely. This is useful not only when your app is not working properly but also in the rare cases when you lose or damage your device.

Two-step verification Enforcement

In Project or Account settings -> Security -> Two-step verification, you can now enforce the usage of two-step verification. In the new settings section, you can decide who needs to use it; those users will be required to log in again as verification. Enforcement can be applied per account, per project, or per specific role. Additionally, you can create a new custom role that inherits other predefined roles but requires two-step verification. We try to provide the most flexible options for various requirements and situations.

You can apply the enforcement on both project and account level. The settings allow you to choose one of the 3 available options:

  • Optional: this is the same as before. It is up to you whether you want to use two-step verification.
  • Mandatory for selected roles: this option allows the client to select a set of roles that require the use of two-step verification. Every user who has one of the selected roles has to use a second factor for login.
  • Mandatory for all users: if this option is selected, every user with access to the account/project will be required to use two-step verification.

If specific roles on account level require the use of two-step verification, this requirement is also inherited on project level for all projects within the account. It is strongly recommended that users also download backup codes when they are setting up two-step verification. This option is available on the same settings page.
Settings can be changed only by a project admin.