Second Authentication From New Locations

Modified on Thu, Jan 11 at 12:50 PM

What is Second Authentication?

When this option is enabled; when a user logs into Genesis from an unrecognized location; an e-mail is sent to that user which contains a one time password.   That user will have to enter that password in order to access Genesis.  The email is sent to both e-mail address that are on the Setup.Security.Modify User screen. 

What is required to use this feature?

E-Mail (Core > Email > Setup) must be working correctly before this feature is enabled on a user.

Auditing

Every step of the process is recorded in the Audit Security log.  From the normal audit log on the Setup.Security.Modify User screen, you can easily see attempts to login to that account from unknown locations.  There is also an Excel report that you can run from the Setup.Security.Modify User screen that will show every location that logonid has attempted to log in from.

Users will know when someone is trying to access their account

An e-mail is sent to the user when someone tries to log on from an unknown location.  This means that users will know right away someone is trying to log on as them.


Why doesn't this work?

Is the system requiring the user to login using the 2nd password multiple times? If the 2nd password was entered for the new location of the user, and continues to send requests for the password at that same location, this could be an issue with the user's browser and how it saves cookies. 


The way this feature works is when a user logs in to Genesis for the first time from a browser, we generate a locationid based on the logon id, the user-agent from the browser, and a couple other pieces of info.  We then store that as a cookie in the browser and as an entry in the DB for future use.


The next time a user logs in, we first pull the location from the cookie in the browser and compare that to the entry in the DB and if they don't match we assume that the user is on a new device and send the email logon code to the user.


If the user is attempting to login from a location they have already logged into, something could be causing this 'cookie' to be deleted from their browser. This can be due to a policy on the user's machine or domain, antivirus protection, or internet browser settings. Any of these items can be configured to automatically 'clear' away the cookies every so often. 


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article