2FA authentication (self-hosted)


In this chapter you will learn how to use the two-factor authentication in bestzero®.

 

Variants of the 2FA setup

 

There are several variants of how you can use two-factor authentication.

 

Provider registration with two-factor authentication

Provider connection with two-factor authentication

Custom apps with two-factor authentication

 

Request of the two-factor authentication token

 

If a two-factor authentication token is requested, the following input mask appears:

 

[Screenshot: 2FA token input mask]

Under "2FA Token", enter the token generated by your OTP application and send it with the "Confirm" button.

The yellow progress bar below the buttons shows how much time remains for entering the two-factor authentication token.

Once this time has expired, the authentication action must be re-executed and thus the two-factor authentication must be requested again.

Waiting time when entering an incorrect token

 

If an incorrect token is entered and confirmed, then the token entry field is disabled for a certain wait time.

This waiting time increases depending on how often a token is entered incorrectly in succession.

 

1 incorrect entry: 1 second waiting time.
2 incorrect entries: 2 seconds waiting time.
3 incorrect entries: 4 seconds waiting time.
4 incorrect entries: 8 seconds waiting time.
5 incorrect entries: 16 seconds waiting time.
6 or more incorrect entries: 32 seconds waiting time.

 

 

Configuring the lifetime of the two-factor authentication token

 

Open the "best_local.ini" configuration file in the file system (default path: "C:\Program Files\Cordaware\best_srv\etc\best_local.ini").

Here you can define, in minutes, how long the system waits for a two-factor authentication token to be entered.

 

To do this, add the following entry to the "[best_ext]" section:

 

 

client_2FA_wait_timeout = 5

(5 is the default value. If an entry with the key "client_2FA_wait_timeout" already exists, just change the value to the desired number of minutes.)

 

Save the configuration file and restart the server service "Cordaware_bestinformed_best_srv" to apply the changes.

 

 

Configuration of the waiting time when entering a wrong token

 

In the configuration file "best_local.ini" you can define whether the token entry field is disabled for a waiting time after a wrong token is entered, or is released again immediately.

 

Add the following entry to the section "[best_ext]":

 

 

delayon = true

("true" is the default value. If an entry with the key "delayon" already exists, just change the value accordingly, depending on whether you want to enable ("true") or disable ("false") the feature.)

 

Again, save the configuration file and restart the "Cordaware_bestinformed_best_srv" server service to apply the changes.
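The following Python sketch is an added example, not part of bestzero® or its documentation. It reads the two keys described above from the "[best_ext]" section and calculates the maximum number of token entries that the waiting times allow within one request. Assumptions: the file can be read with Python's configparser, every entry is wrong, typing takes no time, and the lifetime keeps running while the entry field is disabled; the function names and the sample file content are constructed for illustration.

```python
import configparser

# Constructed sample of the "[best_ext]" section; not taken from a real installation.
SAMPLE_INI = """
[best_ext]
client_2FA_wait_timeout = 5
delayon = true
"""

def wait_seconds(consecutive_failures):
    """Waiting time from the list above: 1, 2, 4, 8, 16 s, then 32 s from the 6th failure."""
    if consecutive_failures < 1:
        return 0
    return min(2 ** (consecutive_failures - 1), 32)

def max_entries(window_seconds, delay_enabled=True):
    """Upper bound on token entries in one request, or None if no waiting time applies.

    Assumptions: every entry is wrong, typing takes no time, and the lifetime
    keeps running while the entry field is disabled.
    """
    if not delay_enabled:
        return None
    elapsed, entries = 0, 0
    while elapsed < window_seconds:
        entries += 1                      # one more wrong token is confirmed
        elapsed += wait_seconds(entries)  # field stays disabled for this long
    return entries

def review(ini_text):
    """Read both keys from [best_ext], falling back to the documented defaults."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    minutes = cfg.getint("best_ext", "client_2FA_wait_timeout", fallback=5)
    delay = cfg.getboolean("best_ext", "delayon", fallback=True)
    return {"timeout_minutes": minutes, "delayon": delay,
            "max_entries": max_entries(minutes * 60, delay)}

if __name__ == "__main__":
    print(review(SAMPLE_INI))
```

With the default values, at most 14 entries fit into the 5 minutes; with "delayon = false", the waiting time no longer limits the number of entries, which the sketch reports as None.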

 

 

FAQ

 

I have lost access to my OTP application, how do I get a new QR code?

Will I lose an active connection if I lock an app secured with two-factor authentication again?