Two-factor authentication
Two-factor authentication (2FA) is a secondary layer of security to protect developer account sign-up and system login. A verification code is sent through SMS and email to be used each time a developer logs in to a ClearBlade account.
Admin account
2FA can be enabled and set up under the Security tab on the Admin Management page for the admin account systems.
Security
Setting | Description |
|---|---|
Require Two Factor Auth | When the checkbox is checked, 2FA is required for the instance’s developer accounts |
Dev Token TTL | The time for which the developer token is valid |
Click Configure to open the communication modules.
Click Update to save changes.
Email communication
Setting | Description |
|---|---|
Protocol | We only support SMTP at this time |
Encryption Type | Choose an email communication encryption protocol |
Host | The domain name that contains the SMTP server (such as smtp.gmail.com) |
Port | A list of common SMTP ports is provided for you to choose from. Port 587 is recommended as a default port, as most SMTP servers can use this port |
Username | The SMTP email being used to send the validation email |
Password | The SMTP email account’s login password |
From Email | Where will the email be sent from |
Validation Subject | Validation email subject line |
Validation Message | Validation email body message. There will be a default message if this field is left blank. $LINK will be replaced with the generated validation link. HTML is supported |
Two Factor Subject | The subject line when sending emails with login codes to developers |
Two Factor Message | The message in the email’s body when sending emails with login codes to developers. There will be a default message if left blank. $CODE will be replaced with the generated login code. HTML is supported |
SMS communication
Setting | Description |
|---|---|
Service Name | We only support Twilio at this time |
URL | The messaging service’s URL |
Username | Account SID |
Password | Authentication token |
From Number | The phone number that the message will be sent from |
Validation Message | The validation text body message. $LINK will be replaced with the generated validation link. There will be a default message if this field is left blank |
Two Factor Message | The message in the text body when sending login codes to developers. $CODE will be replaced with the generated login code. There will be a default message if this field is left blank |
Appearance and other tools
Communication information should appear in the appropriate sections.
Setting | Description |
|---|---|
Configure | Opens the communication settings module |
Test | Sends test email/SMS messages |
Delete | Deletes the communication settings |
Developer account
If 2FA is enabled at the admin level, then the settings cannot be overridden at the developer level.
Dev accounts can enable 2FA for their login by marking the Enable Two Factor Auth checkbox in Account Settings under the username. Users must validate their chosen method before updating their 2FA settings. There is an option to validate methods by clicking Send Validation Email (or Text).
Setting | Description |
|---|---|
Enable Two Factor Auth | When the checkbox is checked, 2FA is required for logins and sign-ups on a developer’s system |
Default Two Factor Method | Choose to have the authentication code sent to a validated email, SMS, or both |
Two Factor Email | An email must be validated before it can receive a login code. The validation status appears next to the email. There is an option to send a validation email |
Two Factor Phone | A phone number must be validated before it can receive a login code. There is an option to send a validation email. The validation status appears next to the number. There is an option to send a validation text |
Click Update Settings to save changes.
Login attempts and disabling account
The login code becomes invalid after the first failed login attempt. The developer must reattempt the login process after the code is resent three times.
If the default validated 2FA method (email/phone number) is removed, the account will be disabled, and the developer will be locked out.