Two-factor authentication (2FA) provides more security for projects developed in ScriptCase, as well as for users of this project.
In this article, we'll look at how to enable the use of two-factor authentication (2FA) when creating the project's security module.
The first step is to create the security module. The ScriptCase documentation linked below shows how to create the Security Module, covering each step up to the point where two-factor authentication (2FA) is enabled.
Only a single API can be used for two-factor authentication (2FA).
When we select one of the three available options, the API(s) we created are loaded. We then define the expiry time of the code that will be sent to the user and click on Proceed. (For this example, we will use the SMS API.)
Before we go any further, we should go to the "Email Settings" option on the left side menu and set the Email API we created as an option. This makes it easier to change the SMTP server settings when necessary, and avoids having to adjust each of the Security Module applications, or even re-create the Security Module.
Once that's done, we go to the "Generate Security" page of our project. When it has finished, we generate the source code, open the project, and run the Login application created in the security module.
Enabling Two-Factor Authentication (2FA) for the project
After running the Login application, we enter the Username and Password for the first access, which by default are usually admin/admin, respectively.
In the Security option created in the menu, go to the "Authentication" option:
We fill in the field with the mobile number that will receive the verification code to enable two-factor authentication (2FA) and click on "Send SMS". (For this example, the chosen API was SMS.)
Once we click on "Send SMS", a new field for the code is shown below the phone field. When we receive the SMS, we enter the code and click "OK":
Done! Two-factor authentication is now enabled for our account.
To confirm that it has really been enabled, just exit the application by clicking on "Logoff" on the left side menu and access it again. When we enter the username and password, a code will be sent to the mobile number we registered previously.