Using second authentication factor only for the first instance login

Chien VH asked on December 10, 2014 11:39

When user wants to login to the sytem, to protect the login action I want SMS as the 2nd authentication factor on user's account. Email would be the secondary alternative if SMS is not available for user. For now, as my investigation If the options "Enable multi-factor authentication" and "Multi-factor authentication is required globally" is checked then the verification passcode will be generated each time the user tried login to the system. However, my expectation here is I just want the user enters the verification passcode in the first time when login on any new computer. Once the user verified on the new computer, the second time login will not require for passcode verification anymore. Do you think Kentico will support my requirement?

Recent Answers

Brenden Kehren answered on December 10, 2014 17:06

You'd have to write some custom code around the authentication event to perform this type of action/checking. In that link, there is reference to multi-factor authentication handling as well. This would be the best place to start.

1 votesVote for this answer Mark as a Correct answer

Chien VH answered on December 11, 2014 03:22

Hi Brenden,

I'm referring to this link This Link to implement. Ok, I will refer to your link and let you know if I have any question. Thanks!

0 votesVote for this answer Mark as a Correct answer

Chien VH answered on December 11, 2014 12:44

I can get the number of UserTokenIteration for particular user inside CMS_User table. My solution here is if the number of UserTokenIteration >=1, then the passcode verification page will be disappeared (user passed this step). But, I dont know how to bypass this step. Can you let me know?

0 votesVote for this answer Mark as a Correct answer

Eric Garrison answered on December 31, 2014 20:43

Were you able to get this to work? Did you have to customize the login form webpart? I am starting test and have hit a few road blocks on 8.1.

1) Only /admin (cmsdesk) is redirecting to enter token. Logging into the member site, the MFA is not triggering, it is only denying login.

2) What did you do for the SMS? I was going to write a webservice to send these. I looked for existing SMS Marketplace packages and code, but didn't find anything.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.