Second factor authentication

../_images/second-factor-auth-options.png

First, make sure second factor authentication related feature and plugins are added and enabled in settings.py file file (they are, by default). Next, you can change some settings regarding what second factor authenticators to make visible and to whom, also make them required for users by going to staff -> settings -> general (more on that on related documentation page).

Additional settings can be added in advanced settings file. For example:

REMEMBER_SECOND_FACTOR_AUTH_DAYS = 60  # - number of days that a logged in user won't be required to submit again
# the second factor authentication form after he opted for remembering the browser
ALLOW_CHANGING_SFA_AFTER_LOGIN_MINUTES = 5  # - minutes after user logs in that he is allowed to enter sfa settings
# without re-entering his password

Also, the current two authenticator methods: Google authenticator (or other compatible apps) and SMS authenticator require further settings.

For Google authenticator, you can change the issuer name that appears in the app like so:

GOOGLE_AUTHENTICATOR_SETTINGS = {
   'issuer_name': 'Fleio app'
}

For SMS authenticator, you will need to set the provider, SMS message body and maybe the subject like so:

SMS_AUTHENTICATOR_SETTINGS = {
    'provider': 'amazon_sms_provider',  # currently, the only SMS provider available in fleio
    'message': 'Hello, your Fleio verification code is {}',  # "{}" will get replaced with the actual code
    'subject': None,
}

Note that after you add settings for SMS authenticator, you will also need to configure the SMS provider. In the above example, we use Amazon whose Amazon SNS service settings may look like this when added in fleio settings.py:

AMAZON_SMS_PROVIDER_SETTINGS = {
    'aws_access_key_id': '',
    'aws_secret_access_key': '',
    'region_name': '',
    'verify': False,
}

Again, you get these credentials from your Amazon SNS account.