BSOFTINDIA APP DOCUMENTATION
TWO-FACTOR AUTHENTICATION ADDS AN EXTRA LAYER OF SECURITY AND PREVENTS ACCESS TO YOUR USERS’ SESSION EVEN IF SOMEONE KNOWS THEIR PASSWORD. A COMBINATION OF TWO DIFFERENT FACTORS IS USED TO ACHIEVE A GREATER LEVEL OF SECURITY:
1) SOMETHING THEY KNOW, A PASSWORD.
2) SOMETHING THEY HAVE, A DEVICE – SUCH AS A SMARTPHONE – WITH AN AUTHENTICATION APP INSTALLED.
EACH TIME A USER SIGN IN TO ITS REMOTE SESSION IT WILL NEED ITS PASSWORD AND A VERIFICATION CODE AVAILABLE FROM ITS MOBILE PHONE. ONCE CONFIGURED, THE AUTHENTICATOR APP WILL DISPLAY A VERIFICATION CODE TO ALLOW HIM OR HER TO LOG IN ANY TIME. IT WORKS EVEN IF ITS DEVICE IS OFFLINE.
TWO-FACTOR AUTHENTICATION IS AVAILABLE FOR BSOFT APP WEB PORTAL ONLY, ON BSOFT APP MOBILE WEB AND ENTERPRISE EDITIONS. THIS AUTHENTICATION MODE DOES NOT SUPPORT LOGIN THROUGH REMOTE DESKTOP CLIENT. SINCE 2FA AUTHENTICATION ONLY WORKS WITH THE WEB PORTAL, RDP CONNECTIONS ARE DENIED FOR 2FA ENABLED USERS.
ACTIVATING THE TWO-FACTOR AUTHENTICATION ADD-ON
The Two-Factor Authentication feature can be found on the Add-On tab of the AdminTool:
It is available as a 30-day trial for 10 users. To activate your license, copy the serial number you can find on this tile:
Then, connect to our Licensing Portal and enter your Order Number, your e-mail address and your Serial Number:
ENABLE TWO-FACTOR AUTHENTICATION
Perform the following steps to enable two-factor authentication for your Bsoft App server or deployment. If your Bsoft App deployment is configured to use multiple servers, perform this task on the Bsoft App server exposed as the single point of entry for users or having the reverse proxy role.
1) Open the two-factor authentication administration application. The two-factor authentication status and the license status are displayed:
By default, 2FA is enabled for the Bsoft App gateway and stand-alone application servers.
You can enable it for Bsoft App application servers only, by entering the authentication server URL:
Or disable it:
ADD USERS AND GROUPS
Once two-factor authentication is enabled, you can configure users for two-factor authentication.
1) From the two-factor authentication administration application, click on the Manage Users menu.
2) Then, click on Add to select users and/or groups of users. The Select Users or Groups box opens.
3) Add as many users and groups as required and then click OK. The users and groups are added to the list and enabled for two-factor authentication
On the same tile, you can edit the way users receive verification codes by selecting a user and clicking on the “Edit” button:
The user receives verification codes on the authentication app by default. You can choose that he/she receives it by SMS by selecting the option and adding the user’s phone number on the field below.
REMOVE USERS AND GROUPS
1) To disable two-factor authentication for a user or a group, from the two-factor authentication administration application, click on the Manage Users menu.
2) Select the user or the group and then click on Remove. A confirmation message is displayed.
3) Click Yes. The user or the group is removed from its list and won’t connect using two-factor authentication anymore.
RESET QR CODES
In the event of the loss of the authenticating device for a user, or if the user needs to display the secret QR code again, you must reset the user authentication settings.
1) From the two-factor authentication administration application, click on the Reset Users menu.
2) Select one or multiple users and then click on Reset. A confirmation message is displayed.
3) Click Yes. The selected users will be presented a new QR code at the next login and will have to scan it in their device’s authentication app
ENROLL USER FOR TWO-FACTOR AUTHENTICATION
Once a user has been enabled for using two-factor authentication, an activation message will be displayed at his next successful logon from the Bsoft App Web portal.
In order to complete the required steps, you have two choices: either generate codes via an authenticator app, either make the user receive codes by SMS.
Receive codes with an Authenticator Application
The user must install an authenticator app on a portable device, such as his smartphone.
You can use one of the following authenticator apps to proceed. These apps are available across a wide range of platforms:
Please use each app documentation for more details on how to proceed to add your Bsoft App account.
In order for the user to receive verification codes by SMS, you must first enable it. Click on the Configure SMS tab:
Bsoft App leverages Twilio in order to send verification codes by SMS. Twilio is a third-party cloud platform, not affiliated with Bsoft App
1) Just create a free account on [Twilio]( by clicking on the button below “Start your free trial with Twilio”:
2) On your Twilio account dashboard, you will need to activate your Trial Number:
3) The next step is only necessary for Trial versions. It allows Twilio to verify the actual phone number on which SMS will be sent.
Enter this number under the “Phone Numbers” menu – “Verified Caller IDs” tab :
4) You will then be able to enter your account SID, Authentication Token and Trial Number as the Phone Number on the Configure SMS tab of Bsoft App:
Then, click on Save. The following message will be displayed:
You can manage your Twilio subscription on the Manage Twilio subscription section, at the bottom of the Configure SMS tab. Administrate your account, see the Service Status or reach Twilio Support Center just by clicking on the corresponding buttons.
LOGIN USING TWO-FACTOR AUTHENTICATION
The Advanced tab allows you to configure Two-Factor Authentication in-depth settings.
You can modify the Discrepancy value, which allows you to set the validation time of a verification code.
A discrepancy of 3 means that the same verification code remains valid 90 seconds backward and forward its original 30 seconds validity period. Default is 480, which means 480 x 30 seconds= 4 hours.
A string indicating the name of the two-factor authentication service. The issuer is displayed on the client mobile app and identifies the service associated with the generated verification code. By default, it is composed of the server’s name with Bsoft App
VALIDITY AFTER FIRST SESSION
Period during which a user can open a session without having to revalidate a previous two-factor authentication code. This setting allows users to open applications from the Web application portal successively. Default is 480 minutes.
VALIDITY BEFORE FIRST SESSION
Period during which a user can open a session after validating a two-factor authentication code from the Web portal or from the mobile app, in secondes. Default is 3600 seconds.
The number of digits to display to the user. Please note that this setting may not be supported by authentication apps. This number must be greater than or equal to 4 and lower or equal to 12. Default is 6.
SMS VERIFICATION CODE MESSAGE
Message sent to users requesting a verification code if they are configured to receive it via SMS. This message must contain the %CODE% placeholder which will be replaced by the actual verification code. Default is: Your %ISSUER% verification code is: %CODE%