Crowd Two Factor Authentication (2FA/MFA) gives the ability to enable
2FA/MFA for Crowd which adds a security layer on top of user login.
Crowd Servers are compatible with all Authenticator Apps including Microsoft Authenticator and Google Authenticator. Here we will go through a
guide to configure the miniOrange Crowd 2FA/Crowd MFA app. By the end of this guide, Crowd users should be able to perform Two Factor Authentication (2FA) on top of user login
You can refer the steps to configure any Two Factor Authentication (2FA) method with the Crowd from the video or documentation given below
Pre-requisites
To configure Crowd Two Factor Authentication, you need the following
items:
Crowd should be installed and configured (supported version Crowd
Server 3.7.0 and above).
Admin credentials are set up in Crowd.
Valid Crowd Server Licence.
Download And Installation
Log into your Crowd instance as an admin.
Navigate to the settings menu and Click Manage Apps.
Click Find new apps or Find new add-ons from the left-hand side of
the page.
Locate Two-factor Authentication(2FA), Crowd 2FA
via search.
Click Configure to get into and configure the plugin.
Step 1: Setup miniOrange 2-Factor Authentication
Navigate to Two Factor Settings tab.
Enable Crowd 2FA: For Enabling 2FA for users click
on 'Enable the 2 Factor Authentication' for Crowd
users & click on Save.
Enable Crowd Backup Methods: For Enabling the
Security Question or
Backup Code as Backup Method in
case of an emergency login, click on 'Enable Backup Method' and
select 'Security Questions'(the User need to configure
unique security questions) or ''Backup Code'(add-on will provide a set of one-time passcode)
Allowing 2-Factor Authentication for users: For
enabling 2FA for users in Crowd 2FA, navigate to
'User Management' tab, where you can see the list
of all the active users, and all the 2FA operations can be performed on these active users.
Note: 2FA for all the users is disabled by
default, you need to manually enable 2FA for all the users.
2FA for Users: Enter the name of the user in the
Search Bar for whom you want to perform the
operation and hit the search button, the user with that name will
appear. And then in the Action column, select the required Action.
2FA for Groups: Enter the name of the group in the
Search Bar for which you want to perform the operation, and hit the
search button, the group with that name will appear. And in the
Action column, select the required Action.
Note: In future, if users get added to this
group, 2FA will be enabled for them by default.
Step 2: How the user can Configure the 2FA
Welcome Message for users: The following screen
will be shown to users after enabling 2FA for a particular user in
the User Managment Tab of Crowd 2FA Application.
Configure the Mobile Authenticator app: Once the
user clicks Next, the Mobile Authenticator setup screen will be
shown. Where the user needs to scan the QR code or use the Secret
Key and then enter the 6 digit OTP generated on mobile app.
Configure the Security Question: The below screen
will be shown at the time of configuring Security Question as a 2FA
method where the user needs to configure the Security Questions
based on his knowledge. User can configure Security Question as a
Primary as well as Backup method to login into Crowd.
Configure the Backup Code as Backup Method: If the
Backup Code is activated as a Backup Method, the user will see the
screen below where the user will see the list of one-time passcode.
Step 3: Additional Features
Brute Force Configuration: It is used for
restricting the access to your
Crowd Application based on the number of Invalid
Login Attempts for the specified period of time. For enabling Brute
Force Configuration, click on the
'Enable Brute Force Protection for Crowd' checkbox,
then select the number of invalid login attempts
after which user will lock, and the time for which
the user will be in a locked state and won't get access to
Crowd application
Mobile Authenticator Settings: Customized label can
be given to the Authenticator app. Enter the 'Name' for your
authenticator app in the text box.
Step 4: User Management
2FA for Single User: Enter the name of the user in
the Search Bar for whom you want to perform the operation and hit
the search button, the user with that name will appear. And then in
the Action column, select the required Action.
2FA for Multiple Users: Select the users, in the
Bulk 2FA Action drop-down list select the action you want to
perform. And then hit Apply Button.
2FA for All Users: In Bulk 2FA Action drop-down list
under All users Section select necessary Action and hit
Apply Button.
2FA for Single Group : Enter the name of the group
in the Search Bar for which you want to perform the operation and
hit the search button, the group with that name will appear. And
then in the Action column, select the required Action.
2FA for Multiple Groups : Select the Groups, in the
Bulk 2FA Action drop-down list select the action you want to
perform. And then hit Apply Button.
2FA for All Groups : In Bulk 2FA Action Dropdown
list under All groups Section select necessary Action and hit Apply
Button.
Step 5: IP Restrictions
IP Whitelisting: It is a security feature that is
often used for trusted users who can directly log
into Crowd without asking for 2FA. Enter the
IP address and click save for enabling the
IP whitelisting
IP Blocking: It is a basic access control mechanism
that blocks access to Crowd Application based on the IP address. It
will deny access for those IPs which are listed here. Enter the IP
address in the text box for IP blocking. The message for blocked users can be customized, enter the message in the 'Blocked User Message' text box present in the Look and Feel tab and click on the Save button.
Step 6: Reconfigure 2FA
Reconfigure 2FA: For reconfiguring 2FA for
end-user, navigate to Top Navigation Bar click
on Two-factor Authentication, you can see the
Configure Two Factor(2FA) window, now click on
Reset button to Reconfigure the
Authenticator or Backup method.