0.3. Two-step Authentication

You can set up SocrateCloud to perform user authentication in two steps, for added safety. Unlike the simple authentication described earlier, the user is first required to enter a password and then a code generated on a smartphone device.

The 2-step authentication, as implemented in SocrateCloud, uses one-time passwords (valid for a limited time only) generated according to standards developed by the Initiative for Open Authentication (OATH). Codes can be generated with any software that implements the RFC 6238 TOTP/OATH algorithm:

  • Google Authenticator - available for Android, iOS, Blackberry

  • OATH Token - for iOS

  • Android Token - for Android

Enabling the Two-step authentication

The 2-step authentication is set up in the Two-step Authentication Setup window, located in the System Admin -> General Rules -> Security menu.

Enter a name in the Token Name field.

Generate a secret key by pressing the corresponding button:

  • Base 32 format - if using Google Authenticator;

  • Hexadecimal format - if using OATH Token.

Scan the generated QR code using the token device (you need to have QR code scanner software installed on your device).

The application (installed on your smartphone device) will then generate a code.

Type the code into the Verify generated token field for verification.

If successful, press the Activate Two-Step authentication button.

Once the setup described above is complete, two-step authentication is enabled and all subsequent logins by that user take place using this authentication method.

Codes generated by Google Authenticator change every 30 seconds.
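The following is an added example, not SocrateCloud's own code, showing what the "Verify generated token" step has to do on the server side: decode the secret in either of the two formats the setup window offers (Base32 for Google Authenticator, hexadecimal for OATH Token), derive the RFC 6238 code for the current 30-second step, and compare it with the submitted code. The secret used here is the constructed RFC 4226/6238 test key, and the one-step tolerance window is an assumption to absorb clock drift between server and phone.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # RFC 6238 time step; Google Authenticator rotates codes every 30 s
DIGITS = 6          # length of the displayed code


def decode_secret(secret: str, fmt: str) -> bytes:
    """Turn the secret shown in the setup window into raw key bytes.
    fmt is "base32" (Google Authenticator) or "hex" (OATH Token)."""
    s = secret.strip().replace(" ", "")
    if fmt == "hex":
        return bytes.fromhex(s)
    if fmt == "base32":
        s = s.upper()
        return base64.b32decode(s + "=" * (-len(s) % 8))   # restore padding
    raise ValueError("unsupported secret format: " + fmt)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(key, at // step)


def verify_code(key: bytes, submitted: str, at: int, window: int = 1) -> bool:
    """Server-side check of a submitted code. Accepts the current step and
    `window` steps either side (assumed tolerance for clock drift) and uses a
    constant-time comparison for every candidate."""
    if len(submitted) != DIGITS or not submitted.isdigit():
        return False
    counter = at // STEP_SECONDS
    matched = False
    for delta in range(-window, window + 1):
        matched |= hmac.compare_digest(hotp(key, counter + delta), submitted)
    return matched


if __name__ == "__main__":
    # Constructed example key (the RFC 4226 test secret "12345678901234567890").
    key = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", "base32")
    print("current code:", totp(key, int(time.time())))
```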

Disabling the Two-step authentication

Two-step authentication can be disabled either by the user or by the administrator.

The user disables it via the Two-step Authentication Setup window, located in the System Admin -> General Rules -> Security menu:

  • Enter the token name;

  • Type the code currently generated by the token device into the Verify generated token field and have it verified;

  • If the verification is successful, click the Deactivate Two-Step authentication button.

The administrator disables it by running the Disable Two-step Authentication process, available in System Admin -> General Rules -> Security, and selecting the user for whom two-step authentication is to be turned off.

After following either of the procedures above, two-step authentication is disabled for that user.