About Two-factor authentication

Two-factor authentication (TFA) provides a more secure login process because when users try to sign in, they’ll have to provide two pieces of information:

  • The account password.
  • A single-use authorization code generated by a mobile app (e.g. Google Authenticator) OR an email message.

This is similar to a cash withdrawal machine at the bank, which requires both a debit card and a personal identification number (PIN). The difference here is that you’ll have to use a different authorization code every time you sign in, because an authorization code expires after it’s used. The network administrators can enable TFA for all network users.

NOTES:
  • Two factor authentication is applied to all users (Network & guest) when logging into their MangoApps domain using the default authentication of mechanism of MangoApps (i.e. email & password).
  • When logging in via Google Apps or other SAML providers this setting would not be applicable.
  • This feature is available to users logging in from Web, Desktop and MAC only.

Enabling Two-step authentication

To Activate the feature in MangoApps:

  1. Go to the Admin portal > Security > Browser access page
  2. Scroll to the Two factor authentication settings and choose the type of authentication from the drop-down. There are two different ways to retrieve authentication codes to use during login. You can either:
  • Enable TFA token via email OR
  • Enable TFA token via Authenticator app
  1. Set the Authentication validity period
  2. Click Save Settings

How Two Factor Authentication works once enabled:

Login via Web:

Step 1: Users log in with Username and Password

Step 2: User gets a secure code via email or an authenticator app on the mobile as configured by the network admin during set up.

Step 3: The user provides the secure code in the browser to access the account.

Steps to Reset TFA for Users (Admin function)

The domain administrator can reset the TFA for users in case they lose access to the mobile device they used at the time of TFA activation.

  1. Go to theAdmin portal > Users
  2. Select the user by clicking on the check box.
  3. Click on “User Tools” from the right side then click “Reset QR code.”
  4. The next time the user logs in, the user can set up TFA from the beginning, providing a code from the authenticator.

Recommended Authenticator apps

You’ll need to download an authenticator app to your mobile device. The app will be able to scan QR codes and retrieve authentication data for you.

Here are some recommended authenticator apps., you can follow the links to download and install them:

The QR code will be shown next time the user logs in.
For example this is a user logging in from the web browser.

Setup Two-factor authentication on the Mobile App (Android, Apple Devices)

In order, have Two-Factor Authentication on the mobile app we need to enable the PIN function, the PIN will be the second factor of authentication, follow the below steps:

Step 1: Enable PIN to access via mobile
You will need to enable the PIN for mobile from the admin portal that is used to accomplish 2FA on mobile. Below are the steps:
1. Navigate to Admin Portal.
2. Navigate to ‘Security > Mobile Access’.
3. Enable – “Users should be required to set a PIN to access via mobile”.
Once Mobile access is provided to – iPhone, iPad or Android; you can then enable PIN to access your mobile device

Screenshot below:

Accessing your MangoApps domain using PIN on mobile

1. After you enable the PIN from the admin portal, you will be asked to set a PIN during the first login.
2. You will need to confirm the PIN twice to set the PIN.
Screenshot for Android Device

Screenshot for Apple Device

     3. After the PIN is set, you will be asked to enter the PIN everytime you open the application from the background.

Screenshot for Android Device

Screenshot for Apple Device