Two-Factor Authentication

Implementation into an existing project:

  1. 1.
    Download a project template JSON.
formio-2fa-template2.json
34KB
Code
2. Go to the Staging settings in your project.
3. Click on the Choose File button and select a downloaded file from step 1.
4. Then click on the Import Template to Live. You will see new Forms in your project now:
Name of forms
Two-Factor Authentication Form - will be used to authenticate users with a one-time 6-digits code from an auth app.
Two-Factor Recovery Form - will be used to authenticate users with a one-time recovery code.
Two-Factor Authentication Settings Form - a form for switch on/off 2FA settings for users.
And the updated User resource with Two-Factor Settings.
5. Go to the Two-Factor Authentication Form access settings and set permissions (for example):

Submission Data Permissions

Form Definition Access

6. Go to the Two-Factor Recovery Form access settings and set permissions (for example):

Submission Data Permissions

Form Definition Access

7. Go to the Two-Factor Authentication Settings Form access settings and set permissions (for example):

Submission Data Permissions

Form Definition Access

If you install a new Server with Base Portal, you don’t need steps 1-7.

How to use Two-Factor Authentication:

8. If you use Base Portal, to switch on 2FA go to the Account settings => Two-Factor Authentication and click on the Turn On 2FA button.
9. Scan a QR code with your Authenticator app (e.g. Google Authenticator, Microsoft Authenticator, Authy, etc.), then enter a 6-digits code from the authenticator app.
10. Please, write down 10 recovery codes in a safe place to be able to log in to your account if you lose access to your auth app or lose your device. Each code is acceptable for one-time login. After login, it will be deleted.
11. If you want to turn off 2FA you need to click on the Turn Off 2FA button.

If you use 2FA for your own project (not Base Portal), you need to give read access permissions for your users to the Two-Factor Authentication Settings Form.

12. When you want to log in to the app again, enter your username/login and the following form will appear on your screen:
Available ENV variables: TWO_FACTOR_AUTHENTICATION_APP_NAME - use to set the app name to the authenticator app (by default it is Form.io).