Two-factor (2FA) or multi-factor authentication (MFA) is an additional security layer for your business. This helps you address the vulnerabilities of a standard password-only approach.
Enabling the 2FA feature will add one more step to the login process for the user. In addition to providing the correct username and password, the user will be required to enter a One Time Password.
The methods that we provide for 2-Factor Authentication are:
Email: With this method, every time the user logs in, they receive an email containing the authentication code. The email that will be sent out to users you host can be customized in the Mail Templates menu. We recommend you do this before enabling 2FA for your customers.
Authenticator application: Login with an authenticator application. This method is also known as TOTP (Time-based One-time password). Using this method, the user can setup 2FA by scanning a QR code using a TOTP based smartphone application, like Google Authenticator or Microsoft Authenticator. The application then continuously generates the authentication codes for the user which the user can use to authenticate themselves.
In this article:
1) How do I enable 2FA for my customers?
After logging in to your reseller control panel using a reseller admin user, you will be able to enable 2FA on the My Account page, in the Two-factor authentication section.
Set the toggle to Yes, scroll to the top of the page and click Save. Now, all accounts you host will have the option to enable 2FA. Individual accounts need to enable 2FA themselves before users can setup and use 2FA.
If you find that the option is greyed out, it means that your parent reseller has not enabled 2FA on their account. In this case, you'll need to get in contact with them. Once they enable it, it will also make the option available to you.
You can also enable or disable 2FA directly on a company account that you host, so that the company administrator does not have to enable it. Also, with disabling this option, you can help company administrators regain access to their account in case they've both lost their device used for authentication and did not save their recovery codes.
To do this, go to the Companies page, click the name of the account you want to edit, and switch the Enable two-factor authentication toggle to Yes or No. Lastly, scroll up to the top of the page and click Save.
2) 2FA Email Template - Authentication Code
Before you enable this feature, it is a good idea to customize the email that will be sent out to users that use the Email authentication method.
On the reseller panel, go to the Mail Templates menu. A new template can be found here, called Authentication code. Clicking the + button will let you customize the template for a specific language.
As always, make sure that the required tags |$Name| and |$Code| are present in your template, and that the template is set to Published. You can also send a test mail to yourself before publishing it.
If you have templates in several languages, make sure you customize a template for each one.
You can learn more about templates here.
3) Can I enable 2FA for my reseller administrator users?
Currently, a user needs to be associated with a company account to use 2FA. Once your Reseller admin user is part of a company that has 2FA enabled, you can set it up to use 2FA in the Web Client -> Profile menu. After this, logins to both the Web Client and the Reseller Control Panel will be protected by 2FA.
However, we are working on implementing this feature for reseller admins that don't have a company association.
4) How will enabling 2FA on my reseller account affect my customers?
✔ Resellers that you host will be able to enable 2FA for their customers.
✔ Administrator users of Company accounts that you directly host will be able to enable 2FA for users of the account.
✔ End-users will be able to use 2FA when logging in to RushFiles, provided that their Company Administrators enable this option on the account they are hosted on.