Two Factor Authentication

Two factor authentication (2FA) adds a second layer of security to developer account sign up and login to systems. A verification code is sent through SMS and/or email and must be entered each time a developer logs in to a ClearBlade account.

Admin Account

2FA for the admin account's systems is enabled and set up under the ‘Security’ tab on the ‘Admin Management’ page.

Security

Setting | Description
Require Two Factor Auth | When the checkbox is checked, 2FA is required for all developer accounts in the instance
Dev Token TTL | The time period for which the developer token is valid

Click ‘Configure’ to open the communication modules.

Make sure to click ‘Update’ to save changes.

Email Communication

Setting | Description
Protocol | We only support SMTP at this time
Encryption Type | Choose an email communication encryption protocol
Host | Domain name that contains the SMTP server (such as smtp.gmail.com)
Port | A list of common SMTP ports is provided to choose from. Port 587 is recommended as the default port, as most SMTP servers can use this port
Username | The SMTP email address being used to send the validation email
Password | The login password used for the SMTP email account
From Email | The email address that the email will be sent from
Validation Subject | Validation email subject line
Validation Message | Validation email body message. There will be a default message if this field is left blank. $LINK will be replaced with the generated validation link. HTML is supported.
Two Factor Subject | The subject line when sending emails with login codes to developers
Two Factor Message | The message in the body of the email when sending emails with login codes to developers. There will be a default message if left blank. $CODE will be replaced with the generated login code. HTML is supported.

SMS Communication

Setting | Description
Service Name | We only support Twilio at this time
URL | URL of the messaging service
Username | Account SID
Password | Authentication token
From Number | The phone number that the message will be sent from
Validation Message | Validation text body message. $LINK will be replaced with the generated validation link. There will be a default message if this field is left blank.
Two Factor Message | The message in the body of the text when sending messages with login codes to developers. $CODE will be replaced with the generated login code. There will be a default message if this field is left blank.

Appearance and other tools

Communication information should appear in the appropriate sections.

Setting | Description
Configure | Opens the communication’s settings module
Test | Sends a test email/SMS message
Delete | Deletes the communication settings

Developer Account

If Two Factor Auth is enabled at the Admin level, the settings cannot be overridden at the Developer level.

Dev accounts can enable 2FA for their individual account login by marking the ‘Enable Two Factor Auth’ checkbox in ‘Account Settings’ under the username. Users need to make sure the method(s) of their choice are validated before updating the 2FA settings. There is an option to validate methods by clicking ‘Send Validation Email (or Text)’.

Setting | Description
Enable Two Factor Auth | When the checkbox is checked, 2FA is required for logins and sign ups on the developer’s system
Default Two Factor Method | Choose to have the authentication code sent to a validated email, SMS, or both
Two Factor Email | An email must be validated before it is able to receive a login code. Validation status appears next to the email address. There is an option to send a validation email.
Two Factor Phone | A phone number must be validated before it is able to receive a login code. There is an option to send a validation email. Validation status appears next to the number. There is an option to send a validation text.

Make sure to click ‘Update Settings’ to save changes.

Login attempts and disabling account

The login code becomes invalid after the first failed login attempt. After the code is resent 3 times, the developer will have to re-attempt the login process.

If the default validated 2FA method (email/phone number) is removed, the account will be disabled and the developer will be locked out of the account.