Two-Factor Authentication (2FA)

Modified on Wed, Apr 24 at 12:21 PM



What is it?

2FA requires users to provide an additional piece of data along with their password to access Genesis. Even if someone gains access to a user's password, they cannot log in without this additional data. This extra piece is a 6-digit number that changes every 30 seconds, generated by an app installed on the user's personal device, like a phone or tablet, using the TOTP algorithm.


2FA is now available for both the Genesis Staff and Parents modules.


*** Important Pre-Enabling Checks ***

1. SMTP Email Server Integration: Ensure the Genesis server connects to an SMTP Mail server correctly. Do not enable 2FA if email functionality is not working. Configure the SMTP server link on the Core > Email screen.

2. Time Synchronization: Server time accuracy is vital. The 6-digit number generation relies on server time matching the user's device time within 3 minutes. Sync server time with a time server for accuracy.

To check that your server's time is correct, compare the date and time on the diagnostics popup with the time on your desktop or mobile device.


Navigate to your Genesis Core > Diagnostics
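How the 6-digit code and the clock requirement fit together, as an added example (not Genesis code): it implements standard RFC 6238 TOTP with HMAC-SHA1 and models the 3-minute tolerance as accepting codes within six 30-second steps of server time. The sample key and the way Genesis applies the tolerance are assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30          # seconds per code, as stated in the article
DIGITS = 6         # code length, as stated in the article
TOLERANCE = 180    # 3-minute clock tolerance from the article (how Genesis applies it is assumed)

# Constructed 16-character Base32 key, for illustration only.
SAMPLE_KEY = "JBSWY3DPEHPK3PXP"


def totp(key_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 default) for the 30-second step containing unix_time."""
    key = base64.b32decode(key_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key_b32: str, code: str, server_time: float, tolerance: int = TOLERANCE) -> bool:
    """Accept a code if it matches any step within +/- tolerance seconds of server time."""
    steps = tolerance // STEP
    for drift in range(-steps, steps + 1):
        candidate = totp(key_b32, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):     # constant-time comparison
            return True
    return False


def login_succeeds(device_clock_error: int, server_time: float = 1_700_000_000) -> bool:
    """Simulate a device whose clock is off by device_clock_error seconds."""
    code = totp(SAMPLE_KEY, server_time + device_clock_error)
    return verify(SAMPLE_KEY, code, server_time)


if __name__ == "__main__":
    for error in (0, 90, -170, 400, -600):
        print(f"device clock off by {error:>5}s -> login ok: {login_succeeds(error)}")
```

A device inside the tolerance still produces an accepted code, while one several minutes off is rejected even though the password and key are correct, which is why the time check comes before enabling 2FA.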



Mass Enable Users' 2FA by Role

1. Navigate to Setup > Security > Policy. (bottom of page) 

2. Choose roles for 2FA.

3. Click "Send TOTP Authentication Email" to trigger an email containing the "Secret Key."

    This will automatically enable 2FA on the user's account and send an email containing the Secret Key.


Enable 2FA for Specific Users

1. Navigate to Setup > Security.

2. Search for and click on the user's Logon ID to modify the user settings. (The user must have a valid email.)

3. Click "Generate and send user via email a new OTP Authentication Key" to send a 16-character shared key.


 

Setup Chrome Browser Authenticator Extension 




1. Download Authenticator from the Chrome Webstore.

2. Click the Authenticator icon.

3. Click the "+" sign, then "Manual Entry."

4. Under "Issuer," name the OTP (e.g., "Genesis").

5. Enter the 16-character key from the email in the "Secret" field.

6. Click OK to save.







Now, after the user logs in using their normal username and password, the following screen will prompt the user for the second-factor password (the 6-digit code from the authenticator app):



Using Authenticator on Mobile Devices


1. iPhone and Android: Download Google Authenticator from the app store. Add a token, placing "Genesis" in the account field and the 16-character key from your email in the key field. Ensure "Time Based" is selected.

2. Other Devices: Search for an app handling TOTP Keys in the application store. The process should be identical to Google Authenticator on iPhone and Android.




 

Parent Portal 2FA Setup

 

 

 

 

 

 

 
