Two Factor Authentication
Two factor authentication (2FA) is a secondary layer of security to protect developer account sign up and login to systems. A verification code is sent through SMS and/or email to be used each time a developer logs in to a ClearBlade account.
Admin Account
2FA can be enabled and set up under the ‘Security’ tab in the ‘Admin Management’ page for the systems of the admin accounts.
Security
| Setting | Description |
|---|---|
| Require Two Factor Auth | When the checkbox is checked, 2FA is required for all developer accounts in the instance |
| Dev Token TTL | The time period for which the developer token is valid |
Click ‘Configure’ to open the communication modules.
Make sure to click ‘Update’ to save changes.
Email Communication
| Setting | Description |
|---|---|
| Protocal | We only support SMTP at this time |
| Encryption Type | Choose an email communication encryption protocol |
| Host | Domain name that contains the SMTP server (such as smtp.gmail.com) |
| Port | A list of common SMTP ports is provided to choose from. Port 587 is recommended to use as a default port, as most SMTP servers can use this port |
| Username | The SMTP email address being used to send the validation email |
| Password | The login password for used for the SMTP email account |
| From Email | The email address that the email will be sent from |
| Validation Subject | Validation email subject line |
| Validation Message | Validation email body message. There will be a default message if this field is left blank. $LINK will be replaced with the generated validation link. HTML is supported. |
| Two Factor Subject | The subject line when sending emails with login codes to developers |
| Two Factor Message | The message in the body of the email when sending emails with login codes to developers. There will be a default message if left blank. $CODE will be replaced with the generated login code. HTML is supported. |
SMS Communication
| Setting | Description |
|---|---|
| Service Name | We only support Twilio at this time |
| URL | URL of the messaging service |
| Username | Account SID |
| Password | Authentication token |
| From Number | The phone number that the message will be sent from |
| Validation Message | Validation text body message.$LINK will be replaced with the generated validation link. There will be a default message if this field is left blank. |
| Two Factor Message | The message in the body of the text when sending messages with login codes to developers. $CODE will be replaced with the generated login code. There will be a default message if this field is left blank. |
Appearance and other tools
Communication information should appear in the appropriate sections
| Setting | Description |
|---|---|
| Configure | Opens the communication’s settings module |
| Test | Sends test email/sms message |
| Delete | Deletes the communication settings |
Developer Account
If Two Factor Auth is enabled at the Admin level then the settings cannot be overidden in the Devoloper level
Dev accounts can enable 2FA for their individual account login by marking the ‘Enable Two Factor Auth’ checkbox in ‘Account Settings’ under the username. Users need to make sure the method(s) of their choice is validated before updating the 2FA settings. There is an option to validate methods by clicking ‘Send Validation Email (or Text)’
| Setting | Description |
|---|---|
| Enable Two Factor Auth | When the checkbox is checked, 2FA is required for logins and sign ups on Developer’s system |
| Default Two Factor Method | Choose to have the authentication code sent to a validated email, SMS, or both |
| Two Factor Email | An email must be validated before it is able to receive a login code. Validation status appears next to the email address. There is an option to send a validation email. |
| Two Factor Phone | A phone number must be validated before it is able to receive a login code. There is an option to send a validation email. Validation status appears next to the number. There is an option to send a validation text. |
Make sure to click ‘Update Settings’ to save changes.
Login attempts and disabling account
Login code becomes invalid after the first failed login attempt. After the code is resent 3 times, the developer will have to re-attempt the login process.
If the default validated 2FA method (email/phone number) is removed, the account will be disabled and the developer will be locked out of the account.