Enabling Two-Factor Authentication (2FA) in the Security of our Project
Two-factor authentication (2FA) provides more security for projects developed in ScriptCase, as well as for users of this project.
In this article, we'll look at how to enable the use of two-factor authentication (2FA) when creating the project's security module.
Creation of the Security Module
The first step is the creation of the security module. The link below the ScriptCase documentation shows how to create the Security Module, in addition to each step until reaching the enabling of two-factor authentication (2FA).
Enabling API in Two-Factor Authentication (2FA)
ScriptCase provides 3 APIs to be used in two-factor authentication (2FA): SMS, E-mail and Google Auth.
The configuration of these APIs can be done simply and quickly through the option "Tools -> API" in the horizontal top menu of ScriptCase.
- The native SMS integration options are: Twilio, Plivo and Clickatell; (See an example of how to configure)
- The native E-mail integration options are: SMTP, Mandrill and Amazon SES; (See an example of how to configure)
- The native integration option for Authentication is: Google Authenticator. (See an example of how to configure)
The use of a single API for two-factor authentication (2FA) is only allowed.
When we select an option from the three available, it will soon load the API(s) we created. We define the expiry time of the code that will be sent to the user, and then we click on Proceed: (For this example, we will use the SMS API)
Before we go any further, we should go to the "Email Settings" option on the left side menu, and set the Email API we created as an option. This feature facilitates the modification of SMTP server settings when necessary, and avoids an exhaustive adjustment in the Security Module applications, or even the re-creation of a new Security Module.
Once that's done, we go to the page to "Generate Security" of our project, and once it's finished, we generate the source code, open the project and run the Login application created in the security module.
Enabling Two-Factor Authentication (2FA) for the project
After running the Login application, we enter the Username and Password for first access, which usually by default is admin/admin, respectively.
In the Security option created in the menu, go to the "Authentication" option:
We fill in the field with the mobile number that will receive the verification code to enable two-factor authentication (2FA) and click on "Send SMS" (For this example, the chosen API was SMS):
Once we click on Send SMS, a new field will be shown below the phone field, which is exactly the code field. When we receive the SMS, we enter the code, and click "OK":
Ready! Two-factor authentication will be enabled for our account successfully.
To confirm if it has really been enabled, just exit the application by clicking on "Logoff" on the left side menu, and accessing it again. When we enter the username and password, a code will be sent to the mobile number we registered previously.
Related Articles
Security Module Two-Factor Authentication - Google Authenticator
Google Authenticator generates 2-step verification codes on your smartphone. Two-Step Verification provides greater security for your account as it requires a second verification step at login. In addition to the password, you will need a code ...Using two search applications to access a form
In this example we are going to create 2 applications of the "Search" type, and 1 application of the "Form" type. In the Search type applications, we will use the "customers" and "orders" tables, however, we will select only a few fields from each ...Enabling Google Drive API on the Google Console
This tutorial shows how to create a project and enable the Google Drive API for a specific Google account, and get access credentials. 1) Log in with your Google account in the reserved area where you can configure Google APIs, from this URL: ...Upgrading the Security Module: how to migrate from the old to the new
Web application attacks are constantly evolving. With data being such a valuable asset, it is crucial to keep system security updated to avoid losses. The new security module, besides being extremely flexible and intuitive, implements several ...Generating Credentials for Authentication with Facebook
In this article, we will learn how to generate credentials (App ID and Secret) for authentication and access to our project developed in ScriptCase through Facebook. 1 - The first step is to create a Facebook account as a "developer". We need to ...