The LoginRadius Identity Platform provides Two-Factor Authentication to add an extra layer of security for the consumers’ accounts. With this feature enabled, once the consumer enters their login credentials, they are sent an authentication code to complete the login. This feature is available on an add-on basis for your LoginRadius account.
You can keep 2FA optional or required for the users as per your business requirement. This guide explains how to configure the Two-Factor Authentication for your consumers.
Note: When both Passwordless Login and Two Factor Authentication (2FA) are implemented for your application, the consumer will not be prompted for 2FA if they choose to authenticate with the Passwordless Login method.
You can implement 2FA in the following two ways:
- SMS Passcode: A verification OTP is sent to the consumer’s registered phone number. The consumer will be logged in upon verifying this OTP.
- Google Authenticator: The consumer needs to enter the verification code from the Google Authenticator app linked to their account. Upon verification, the consumer will be logged in.
Log in to your LoginRadius Dashboard account, select your app, then from the left navigation panel, click Security and then navigate to the Two Factor Authentication section. Click on the switch to enable the Two Factor Authentication Add-On.
When the Add-On dialog appears, click Enable.
Choose the desired Two-Factor Authentication methods from SMS Passcode and Google Authenticator, and whether it is going to be optional or required for the consumers:
- Optional: Consumers will have the ability to enable or disable Two Factor Authentication on login.
- Required: Consumers will be required to authenticate themselves using the enabled 2FA option in addition to the initial authentication for login.
Two-Factor Authentication with SMS Passcode will be the default option for the consumers, and you can customize the Two Factor Authentication template in this section.
To access the respective SMS template, click the down arrow available next to the SMS Passcode option. The following screen will appear:
To edit the template used for the SMS Passcode method, click the Edit icon given in the action bar highlighted in the previous step.
Note: The Two Factor Authentication SMS template is sent to your users when they authenticate through their credentials. This SMS will contain an OTP that the users will need to enter to complete the login.
Phone Login should be enabled for your application to use this 2FA method.
To enable two-factor authentication with Google Authenticator, you need to configure the following settings under the Google Authenticator section.
- Select the Google Authenticator checkbox.
Click the down arrow available next to the Google Authenticator option. The following section will appear on the screen:
- Enter the Issuer ID; it can be your product/company name.
- Enter valid values for QR Code Width and QR Code Height (ideal values are 200 for both).
- Save the settings.
The two-factor authentication is now configured.
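The Issuer ID and QR code settings above belong to the authenticator-app enrolment flow. The following is an added example, not LoginRadius code: it assumes the public Key URI format and the RFC 6238 defaults (HMAC-SHA1, 6 digits, 30-second step) that Google Authenticator uses, and shows where an issuer name ends up in the QR payload and how a submitted code can be checked with a drift window and replay protection. The function names, sample secret, account and issuer are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote, urlencode

# Constructed sample secret (the RFC 6238 test key), not a LoginRadius value.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def provisioning_uri(secret_b32, account, issuer):
    """Key URI an authenticator app reads from the enrolment QR code."""
    label = quote(f"{issuer}:{account}", safe="")
    query = urlencode({"secret": secret_b32, "issuer": issuer}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"

def code_for_step(secret_b32, step, digits=6):
    """RFC 4226 HOTP value for one time step (HMAC-SHA1, dynamic truncation)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at, period=30):
    """RFC 6238 code for Unix time `at`."""
    return code_for_step(secret_b32, int(at) // period)

def verify(secret_b32, submitted, at=None, last_step=-1, window=1, period=30):
    """Return the matched time step, or None. Steps <= last_step are refused
    so a code that was already accepted cannot be replayed."""
    now = int(time.time() if at is None else at) // period
    matched = None
    for step in range(now - window, now + window + 1):
        if step < 0 or step <= last_step:
            continue
        expected = code_for_step(secret_b32, step)
        # Constant-time comparison; no early exit on the first match.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = step
    return matched

if __name__ == "__main__":
    print(provisioning_uri(SECRET, "alice@example.com", "Example Co"))
    print(totp(SECRET, time.time()))
```

Store the step returned by `verify` per consumer and pass it back as `last_step` on the next login attempt.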
In the case of SMS Passcode, upon validating the login credentials, the consumer will get an SMS with a verification OTP. Upon verifying with the OTP, the consumer will be logged in.
To verify the 2FA with Google Authenticator on your authentication page, open your Auth Page (IDX) at https://<your-app-name>.hub.loginradius.com/auth.aspx. It will display the following Google Authenticator options (where the consumer needs to scan the QR code via their Google Authenticator app or enter the code generated via the app):