Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com

Two factor Authentication (2FA/MFA)

Introduction

Two-factor Authentication (2FA or MFA) enables OpenSpecimen customers to implement an additional security layer to protect local user accounts from being hacked. For institutional users (e.g. Active Directory, Shibboleth, etc.), MFA has to be enabled at the institution level.

When 2FA is configured, users must enter an additional One Time Password (OTP) along with the user name and password. This is a system-level configuration and applies to all the local users. This feature is available from OpenSpecimen v8.1.

The OTP is generated using a mobile app like Google Authenticator, Duo, Microsoft Authenticator, etc., installed on the user's mobile device.

Two-factor Authentication is available only for the EE version.

Enabling/Disabling 2FA as Super Admin

Prerequisites

  • Email configuration: Before enabling the 2FA feature, ensure that email configuration is completed in the OpenSpecimen server.

  • Email notification: Furthermore, enable email notification at both system and user level.

Configuring 2FA

  • Install an authenticator app beforehand on your Android or Apple device. E.g., Google Authenticator, Duo, Microsoft Authenticator.

  • By default, 2FA is disabled. To enable this feature, go to Settings → Authentication → select ‘Two Factor Authentication’ and click on the ‘Enabled’ button.

  • To disable it again, go back to Settings → Authentication → select ‘Two Factor Authentication’ and click on the ‘Disabled’ button.

Enabling 2FA as a User

  1. Download an authenticator app on your mobile phone.

  2. Go to the OpenSpecimen login page and click on 'Reset OTP Secret Code?'

  3. Enter your OpenSpecimen login name inside the area shown in the red box below and click on the 'Email Reset OTP Secret Code' link.

  4. A mail will be sent to your registered email id, as shown below. Click on ‘Reset my OTP secret code’.

  5. An email will be sent to you with a secret code and QR code.

  6. Open the Authenticator app on your device and select either ‘Enter a setup key’ or ‘Scan a QR code.’

    1. Add account name “OpenSpecimen Test” or “OpenSpecimen Prod”

    2. Enter or scan the secret code/key

    3. Select ‘Time-based’ value

    4. Click on ‘Add account.’

  7. For more details on setting an account on the Authenticator app, you can refer to this video.

  8. Once successful, you will notice that a six-digit OTP code is displayed in the app.

Login via OTP

Once 2FA is configured, you have to enter the six-digit OTP code from your Authenticator app along with your login id and password to log in to OpenSpecimen.

  1. Go to the OpenSpecimen login page and enter your login name and password.

  2. Open the Authenticator app on your device and copy the six-digit OTP from it.

  3. Enter the OTP on the login page and click on 'Sign in.'
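
How the emailed secret code and the six-digit OTP relate, as an added example (not OpenSpecimen code): a minimal TOTP generator and verifier per RFC 6238, assuming the authenticator-app defaults of HMAC-SHA1, a 30-second time step and six digits, which this page does not confirm for OpenSpecimen. The key is the constructed RFC 6238 test key and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 SHA-1 test key, Base32-encoded the
# way a "secret code" / setup key is normally shown to the user.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    # Setup keys are often typed in lowercase, with spaces and without padding.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: float, step: int = 30) -> str:
    """'Time-based' mode: the counter is the number of steps since the epoch."""
    return hotp(secret_b32, int(unix_time) // step)


def verify(secret_b32: str, submitted: str, unix_time: float,
           step: int = 30, window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    counter = int(unix_time) // step
    matched = False
    for delta in range(-window, window + 1):
        expected = hotp(secret_b32, counter + delta)
        # Constant-time comparison, and no early exit on a match.
        matched |= hmac.compare_digest(expected, submitted)
    return bool(matched)


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SAMPLE_SECRET, code, 89))
    print("accepted three steps later:", verify(SAMPLE_SECRET, code, 149))
```

Anyone who holds the secret code can produce valid OTPs, so the reset email and the 'OTP Secret Code' tab deserve the same care as a password; a phone whose clock is off by more than the accepted window will produce codes that fail.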

 

  • From v8.2, you can view the present secret/security code as well as regenerate it.

  • Users can view and generate only their own security code.

  • Admins have to impersonate other users to view and generate their OTP security codes.

Viewing Present OTP Secret/Security Code

  1. Go to your ‘User profile’ page and click on the OTP Secret Code Tab available on your left.

Regenerate the OTP Secret/Security Code

  1. Go to your ‘User profile’ page and click on the OTP Secret Code Tab available on the left.

  2. Click on ‘Reset Security Code’ and choose ‘Yes’.
