Two factor authentication setup (2FA)

This article explains how to add two factor authentication (2FA) to your account, how login works once it is enabled, and how to disable it or change the device.

1. User profile

The user should navigate to their profile, or use the direct link to the setup page at https://service.giosg.com/identity/setup-2fa.


2. Setup page

The user should give a descriptive name for the device, for example "Work phone", and then click "Enable 2FA".

3. Confirm device page

On the confirmation page the user should click "Plus" in the authenticator app and scan the provided QR code to set up 2FA for the device. After this the "Time-based one-time password" (TOTP) token will be visible on their device.

The account name will be in the form "Giosg: user@email.com".

When the authenticator app has been set up, the user needs to confirm the device in Giosg by entering the correct token. The device will not become active before this has been completed.

The user will also be asked to copy the backup codes and store them in a safe place. These codes can be used to log in and to disable 2FA if the device gets lost. Each backup code can be used only once.


4. Success

After the user has entered a correct two factor authentication token, the device is confirmed and the success page is shown.

From this point on, the user needs to provide a correct token each time they log into the Giosg platform. The token is also needed when disabling two factor authentication.


Login flow with two factor authentication enabled

1. Login page

When the user has two factor authentication enabled, the login page looks normal until the user has entered their correct email and password.

2. Two factor authentication

After the user has provided correct credentials, they are asked to provide a correct two factor authentication token. This can be either the time-based code from their authenticator app or one of the backup codes. Each backup code can be used only once.


3. Success or failure

If the user entered a correct two factor authentication token, they are logged in normally. If the token was incorrect, they are not logged in even though the email and password were correct, and an error is shown.

Disabling 2FA or changing device

1. Go to setup page or directly to disabling page https://service.giosg.com/identity/disable-2fa

To disable two factor authentication users can go to setup page from profile or directly to the disabling view. If users go to setup view after two factor authentication has been setup, they are told that only one device is supported. From this page they can click a link to get to disabling process.


2. Disabling view

Users are shown a warning that this will weaken their account security. If they want to proceed, they need to enter a correct token from the authenticator app or use one of the backup codes.

If the token is correct, all 2FA devices will be removed from their account and they don't need to input two factor authentication token anymore when logging in.

Users also need to follow this process if they want to change the device.


3. Disabling completed

When the configured two factor authentication device has been removed, the user is redirected back to the start of the process. They can now add a new device if they wish, or keep their account without two factor authentication.
