Multi-factor Authentication
Multi-factor authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to a resource, such as an application or online account. Verification factors include a password, a pass key, a text code, and a token.
TruBot Designer components can generate tokens that are used together with other forms of authentication to enable sign-in when a multi-factor authentication setup is present.
Prerequisite |
The 'TruBot.MultifactorAuthentication.Activities' package must be installed to add the TruBot Multi-factor Authentication components to the Toolbox. |
Available components
A brief description of the components available under the Multi-factor Authentication category is given below.
Components |
Description |
Generates token for multi-factor authentication. |
|
Generates token for multi-factor authentication. |
|
Generates token for multi-factor authentication. |
|
Generates token for multi-factor authentication. |
About security key and token
A security key is a unique string, similar to a license key, generated by service providers for implementing two-way authentication for a given software resource. The security key (and the associated QR code) can be used to add an account for that software resource in an Authenticator app. The account can then be opened in the app to read the required token. The security key is also used to configure a Multi-factor Authentication component activity in a workflow so that the workflow can generate the authentication token.
Important |
A token is a number that is generated every 30 seconds and remains valid until the next token is generated. |
How to get access to the secret key?
When you enable two-way authentication for your software account and choose a token as the second means of authentication, a QR code is generated during the process, which you can scan with any of the available Authenticator apps. You also have the option to read the secret key directly instead of scanning the QR code. With the latter option, you get access to the security key, which you can then enter in an Authenticator app of your choice to generate tokens.
Important |
Just like a password, a security key should be kept confidential. A new security token should be generated as soon as possible if an existing one is compromised. This makes the current security key and the tokens generated using it invalid. |
Steps to configure a Google Authenticator app (using the secret key) are given in the slideshow below.
Note |
Tokens generated in two different Authenticator apps (say, a Google Authenticator app and a Microsoft Authenticator app) will be the same if the token generation accounts in both apps were added using the same secret key. This implies that any of the Authenticator apps can be used to authenticate access to a given software resource. |
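
The two properties described above (a new token every 30 seconds, and identical tokens from any app set up with the same secret key) follow from the time-based one-time password scheme of RFC 6238 that Google Authenticator and Microsoft Authenticator implement. The sketch below is an added example, not TruBot code: it assumes those apps' defaults (base32 key, HMAC-SHA1, 6 digits, 30-second step), the function names are illustrative, and the key is the public RFC 6238 test key rather than a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test key ("12345678901234567890") in base32.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None, step=30, digits=6):
    """Return the token for the `step`-second window containing `at` (Unix time)."""
    # Keys are usually shown in spaced, lower-case groups; normalise before decoding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    now = time.time() if at is None else at
    counter = int(now // step)                    # same value for the whole window
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, candidate, at=None):
    """Check a submitted token against the current window in constant time."""
    return hmac.compare_digest(totp(secret_b32, at), candidate)


if __name__ == "__main__":
    # Two "apps" given the same key, typed differently, at the same instant.
    app_a = totp(SAMPLE_KEY, at=59)
    app_b = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", at=59)
    print(app_a, app_b, app_a == app_b)
    # One second later a new 30-second window starts and the token changes.
    print(totp(SAMPLE_KEY, at=60))
    print(verify(SAMPLE_KEY, app_a, at=60))
```

Because the token depends only on the key and the clock, anyone who holds the key can produce valid tokens, which is why a compromised key has to be replaced rather than waiting for the current token to expire.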