Difference between revisions of "DuoSecurity"
(→Configuration) |
|||
Line 1: | Line 1: | ||
− | [http://docs.whmcs.com/Two-Factor_Authentication | + | [http://docs.whmcs.com/Two-Factor_Authentication < Back to Two-Factor Authentication] |
<div class="docs-alert-info"><i class="fa fa-info-circle"></i> This page describes a feature available in version 7.0 and above</div> | <div class="docs-alert-info"><i class="fa fa-info-circle"></i> This page describes a feature available in version 7.0 and above</div> | ||
Line 36: | Line 36: | ||
Once a member of staff or client has [[Security_Modules#Enable_for_Clients|activated Two Factor Authentication]] on their account, upon the next login they will be prompted to complete the DuoSecurity registration process. | Once a member of staff or client has [[Security_Modules#Enable_for_Clients|activated Two Factor Authentication]] on their account, upon the next login they will be prompted to complete the DuoSecurity registration process. | ||
+ | |||
+ | ==WHMCS DuoSecurity Account Migration== | ||
+ | |||
+ | Prior to WHMCS 7.0, users wanting to use DuoSecurity could pay for their DuoSecurity subscription as part of the WHMCS monthly license fee. In WHMCS 7.0, this is changing and users must now signup directly with DuoSecurity for their service. | ||
+ | |||
+ | [http://go.whmcs.com/918/duo-security-signup Click here to signup...] | ||
+ | |||
+ | A phased approach has been implemented for the transition. | ||
+ | |||
+ | Beginning with the upgrade to WHMCS 7.0, existing users of DuoSecurity will be able to continue using the Duo service uninterrupted. However, users will be required to have signed up with DuoSecurity and provided their own DuoSecurity API credentials by November 30th, 2016 to continue using the service. | ||
+ | |||
+ | Warning notices will be displayed to all Full Administrator level users upon login to the admin area, as well as included in the daily system cron notification email, until your own DuoSecurity API Credentials have been configured. | ||
+ | |||
+ | Failure to create and enter your own DuoSecurity API Credentials by 30th November 2016 will result in DuoSecurity Two-Factor Authentication no longer being performed upon login until your own DuoSecurity API Credentials are provided. | ||
+ | |||
+ | If you have an activate subscription for the DuoSecurity service via us, you should have received an email with instructions regarding cancellation and a refund for any unused time on the service. If you have not received this email, please [https://www.whmcs.com/support contact our support team] for further assistance. | ||
==Common Errors== | ==Common Errors== | ||
Line 44: | Line 60: | ||
Different time-zones are taken into account, so time-zone differences won't cause a problem. | Different time-zones are taken into account, so time-zone differences won't cause a problem. | ||
+ | |||
+ | ==Version 7.0 Upgrade== |
Revision as of 14:55, 16 September 2016
< Back to Two-Factor Authentication
Contents
What is DuoSecurity
Duo Security enables your users to secure their logins and transactions using their smartphones. The Duo Mobile smartphone application is free and available on all major smartphone platforms, and lets users easily generate passcodes without the cost and hassle of hardware tokens. iPhone, Android, BlackBerry, and Windows Phone users can use Duo Push which “pushes” login or transaction details to the phone, allowing for immediate, one-tap approval.
Older devices like cellphones and landlines are also fully supported. Duo can send passcodes via text message, or place a phone call - users just press a button on their keypad to authenticate. DuoSecurity will prompt you for a phone number and option to receive a text or phone call. After the text or phone call is received, input the authentication code to proceed.
A second optional page at initial login will prompt to download the DuoSecurity mobile application which performs push notifications allowing you to restrict or allow access under your user from your phone.
You will require your own Duo Security account, they are available free of charge and allow up to 10 users to authenticate: Signup Here.
Configuration
First Login to your account on the DuoSecurity website:
- Click Applications in the left sidebar
- Click Protect an Application
- Locate the Auth API option
- Beneath it click Protect this Application
- Take note of following values:
- Integration Key
- Secret Key
- API hostname
Now login to your WHMCS Admin area as a Full Administrator user:
- Navigate to Setup > Staff Management > Two-Factor Authentication
- Click the "Activate" button next to Duo Security
- To enable Duo Security as a two-factor option for staff and/or clients, tick the corresponding Enable for checkboxes.
- Enter the Integration Key, Secret Key and API Hostname you noted down earlier into the corresponding fields.
- Click Save Changes
Once a member of staff or client has activated Two Factor Authentication on their account, upon the next login they will be prompted to complete the DuoSecurity registration process.
WHMCS DuoSecurity Account Migration
Prior to WHMCS 7.0, users wanting to use DuoSecurity could pay for their DuoSecurity subscription as part of the WHMCS monthly license fee. In WHMCS 7.0, this is changing and users must now signup directly with DuoSecurity for their service.
A phased approach has been implemented for the transition.
Beginning with the upgrade to WHMCS 7.0, existing users of DuoSecurity will be able to continue using the Duo service uninterrupted. However, users will be required to have signed up with DuoSecurity and provided their own DuoSecurity API credentials by November 30th, 2016 to continue using the service.
Warning notices will be displayed to all Full Administrator level users upon login to the admin area, as well as included in the daily system cron notification email, until your own DuoSecurity API Credentials have been configured.
Failure to create and enter your own DuoSecurity API Credentials by 30th November 2016 will result in DuoSecurity Two-Factor Authentication no longer being performed upon login until your own DuoSecurity API Credentials are provided.
If you have an activate subscription for the DuoSecurity service via us, you should have received an email with instructions regarding cancellation and a refund for any unused time on the service. If you have not received this email, please contact our support team for further assistance.
Common Errors
The second factor you supplied was incorrect. Please try again
Seeing this error when activating the DuoSecurity method for the first time means that the code being entered does not match that which DuoSecurity expects. This is caused by the time on your server not matching DuoSecurity's clocks
You can see the time in the top-right corner of your WHMCS admin area, it's taken directly from your server's PHP configuration. So you must ensure the server time is synced exactly with UTC. For example if the server time is 00:01 and the time at DuoSecurity is 00:00 you will see this error. Syncing the server with NTP to ensure the time is exactly right will resolve this.
Different time-zones are taken into account, so time-zone differences won't cause a problem.