2 (two/dual) Factor Authentication (2FA)


Introduction

Two-factor authentication is a security process in which the user provides two means of identification from separate categories of credentials. Usually, one credential is a physical token (such as a card), and the other is something memorized by the user (such as a security code).

This feature strengthens web login by adding further steps to authentication. It is usually enabled for users who need to access the Firmstep platform from outside their council offices. Individual users are able to control whether or not their account uses 2-factor authentication.

Once two-factor authentication is set up, it can be enabled on a per-product basis. For example, it can be set up so that it only applies to Dash/Staff Portal. 


How to Set It Up

  1. Create the email integration.
  2. Raise a support ticket requesting that we enable Two-Factor Authentication for you.
    1. Inform Granicus Support of the authentication provider to which you wish to have two-factor authentication applied. One authentication provider must be used across all of your Firmstep products. It can be used with any authentication type.

How It Works

1. Log in using FAM, mobile, etc. The system redirects you to the authentication page.

2. Once two-factor authentication is set up on your site, an email containing a code is sent to the user's email address (alternatively, the code can be issued via mobile when there is an SMS gateway, etc.).

3. Upon entering the code successfully, you are logged into the site. If not, an error displays that reads "You inserted an invalid code."

4. If you enter the wrong code 3 times in a row, a new code is sent to the email address.

Please note: Each code is only valid for 5 minutes.
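
The rules in the steps above (a code valid for 5 minutes, a new code after 3 wrong entries in a row) modelled as an added example; this is not Granicus or Firmstep code. The class name, the `send` callable, the 6-digit length, the single-use and expiry handling, and the return strings are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60   # page: each code is only valid for 5 minutes
MAX_FAILURES = 3            # page: 3 wrong entries in a row trigger a new code
CODE_DIGITS = 6             # assumption: the page does not state the code length


class EmailCodeChallenge:
    """Second-factor challenge for one login attempt (hypothetical model)."""

    def __init__(self, send, clock=time.monotonic):
        self._send = send      # hypothetical callable that delivers the code
        self._clock = clock    # injectable so expiry can be tested
        self._issue()

    def _issue(self):
        # secrets draws from the OS CSPRNG, so codes are not predictable
        self._code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._expires = self._clock() + CODE_TTL_SECONDS
        self._failures = 0
        self._send(self._code)

    def verify(self, submitted):
        """Return 'ok', 'invalid', 'resent' or 'expired'."""
        if self._code is None:
            return "invalid"           # code already used or expired
        if self._clock() >= self._expires:
            self._code = None          # a stale code never becomes valid again
            return "expired"
        # constant-time comparison avoids leaking matching prefixes via timing
        if hmac.compare_digest(submitted.encode(), self._code.encode()):
            self._code = None          # single use: a replayed code fails
            return "ok"
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._issue()              # old code is discarded, counter resets
            return "resent"
        return "invalid"
```

These rules limit guesses per code, not per login; a cap on the number of reissued codes is a separate control that the page does not describe.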

Individual Settings

Users are able to control whether or not their account uses 2-factor authentication once it is set up on the site. We included this control on the default profile form, as depicted in the screenshot below.

[Screenshot: default profile form with Azure B2C disabled]

Tokens

If you wish to implement your own email integration, or to edit the current email integration for the email that sends the code to the user, the following tokens are valid for use:

{first_name}
{surname}
{mobile_number}
{phone_number}
{alternative_number}
