Difference between revisions of "DuoSecurity"
From WHMCS Documentation
(→Enabling Duo Security as a Client) |
|||
| Line 1: | Line 1: | ||
[http://docs.whmcs.com/Two-Factor_Authentication < Back to Two-Factor Authentication] | [http://docs.whmcs.com/Two-Factor_Authentication < Back to Two-Factor Authentication] | ||
| − | ==What is Duo Security== | + | == What is Duo Security == |
| − | Duo Security increases security by adding a second identity verification to logins. By requiring | + | Duo Security increases security by adding a second identity verification to logins. By requiring both a password and a unique one-time code, it protects your WHMCS installation and accounts against unauthorized access. |
| − | ==Why Duo Security?== | + | == Why Duo Security? == |
| − | Duo Security is free up to 10 users which makes it a perfect solution for securing administrator logins. | + | Duo Security is free up to 10 users, which makes it a perfect solution for securing administrator logins. |
The Duo Mobile app is free and available on all major smartphone platforms, and lets users easily generate passcodes without the cost and hassle of hardware tokens. | The Duo Mobile app is free and available on all major smartphone platforms, and lets users easily generate passcodes without the cost and hassle of hardware tokens. | ||
| − | + | iPhone®, Android™, BlackBerry®, and Windows® Phone users can also use Duo Push. This “pushes” login or transaction details to your phone, allowing for immediate one-tap approval. | |
<div class="docs-alert-info"> | <div class="docs-alert-info"> | ||
| − | You will require | + | You will require a Duo Security account with an account level of '''Duo MFA''' or higher in order to access the Duo API. [https://go.whmcs.com/918/duo-security-signup Click here to sign up]. |
</div> | </div> | ||
| − | ==Configuring Duo Security== | + | == Configuring Duo Security == |
| + | |||
[[File:Duo1.png|thumb|Protect an Application]][[File:Duo2.png|thumb|Protect Auth API]] | [[File:Duo1.png|thumb|Protect an Application]][[File:Duo2.png|thumb|Protect Auth API]] | ||
To configure Duo Security in WHMCS, follow the steps below: | To configure Duo Security in WHMCS, follow the steps below: | ||
| − | # | + | # Log in to your account at [https://admin.duosecurity.com/ Duo Security]. |
| − | # Click ''Applications'' in the left sidebar | + | # Click '''Applications''' in the left sidebar. |
| − | # Click ''Protect an Application'' | + | # Click '''Protect an Application'''. |
| − | # | + | # Under '''Auth API''', click '''Protect this Application'''. If you don't see this option, contact Duo support. |
| − | + | # Retrieve the following values: | |
| − | + | #* Integration Key | |
| − | # | + | #* Secret Key |
| − | * Integration Key | + | #* API hostname |
| − | * Secret Key | + | # Log in to the WHMCS Admin Area as an admin with Full Administrator privileges. [[File:Duo3.png|thumb|Complete configuration in WHMCS]] |
| − | * API hostname | ||
| − | |||
| − | |||
| − | [[File:Duo3.png|thumb|Complete configuration in WHMCS]] | ||
# Navigate to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > Two Factor Authentication''' or, prior to WHMCS 8.0, '''Setup > Staff Management > Two-Factor Authentication'''. | # Navigate to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > Two Factor Authentication''' or, prior to WHMCS 8.0, '''Setup > Staff Management > Two-Factor Authentication'''. | ||
| − | # Click | + | # Click '''Activate''' next to Duo Security. |
| − | # To enable Duo Security as a two-factor option for staff, | + | # To enable Duo Security as a two-factor option for staff, check '''Enable for Staff'''. |
| − | # To enable Duo Security for customers, | + | # To enable Duo Security for customers, check '''Enable for Clients'''. |
| − | # Enter the Integration Key, Secret Key and API Hostname you | + | # Enter the Integration Key, Secret Key, and API Hostname you retrieved. |
| − | # Click ''Save Changes'' | + | # Click '''Save Changes'''. |
| − | |||
| − | |||
| − | + | == Enabling Duo Security as an Admin User == | |
| − | + | To enable Duo Security for an admin: | |
| − | + | # Perform the steps above to configure Duo Security. | |
| + | # Navigate to the '''My Account''' page within the WHMCS Admin Area. | ||
| + | # Click '''Enable Two-Factor Authentication'''. | ||
| + | # Follow the instructions to complete the setup process. | ||
| − | + | == Enabling Duo Security as a Client == | |
| − | + | To enable Duo Security as a client: | |
| − | + | # Log in to the WHMCS Client Area. | |
| + | # Go to '''Account > My Account > Security Settings''' or, prior to WHMCS 8.0, '''My Account > Security Settings'''. | ||
| + | # Click '''Enable Two-Factor Authentication'''. | ||
| + | # Follow the instructions to complete the setup process. | ||
| − | + | On all future login attempts, the client will be asked to complete the Two-Factor Authentication process. | |
| − | + | == Troubleshooting == | |
| − | + | === The second factor you supplied was incorrect. Please try again === | |
| − | + | Seeing this error when activating the DuoSecurity method for the first time indicates that the code does not match what DuoSecurity expects. This is caused by the time on your server not matching DuoSecurity's clocks. | |
| − | |||
| − | Seeing this error when activating the DuoSecurity method for the first time | ||
| − | You can see the time in the top-right corner of your WHMCS | + | You can see the time in the top-right corner of your WHMCS Admin Area. WHMCS retrieves this directly from your server's PHP configuration and you must ensure that the server time is synced exactly with UTC. For example, if the server time is 00:01 and the time at DuoSecurity is 00:00, you will see this error. Syncing the server with [http://en.wikipedia.org/wiki/Network_Time_Protocol NTP] to verify the time will resolve this. |
| − | Different | + | Different timezones are taken into account, ensuring that these differences won't cause a problem. |
Revision as of 13:53, 10 September 2021
< Back to Two-Factor Authentication
Contents
What is Duo Security
Duo Security increases security by adding a second identity verification to logins. By requiring both a password and a unique one-time code, it protects your WHMCS installation and accounts against unauthorized access.
Why Duo Security?
Duo Security is free up to 10 users, which makes it a perfect solution for securing administrator logins.
The Duo Mobile app is free and available on all major smartphone platforms, and lets users easily generate passcodes without the cost and hassle of hardware tokens.
iPhone®, Android™, BlackBerry®, and Windows® Phone users can also use Duo Push. This “pushes” login or transaction details to your phone, allowing for immediate one-tap approval.
You will require a Duo Security account with an account level of Duo MFA or higher in order to access the Duo API. Click here to sign up.
Configuring Duo Security
To configure Duo Security in WHMCS, follow the steps below:
- Log in to your account at Duo Security.
- Click Applications in the left sidebar.
- Click Protect an Application.
- Under Auth API, click Protect this Application. If you don't see this option, contact Duo support.
- Retrieve the following values:
- Integration Key
- Secret Key
- API hostname
- Log in to the WHMCS Admin Area as an admin with Full Administrator privileges.
- Navigate to Configuration () > System Settings > Two Factor Authentication or, prior to WHMCS 8.0, Setup > Staff Management > Two-Factor Authentication.
- Click Activate next to Duo Security.
- To enable Duo Security as a two-factor option for staff, check Enable for Staff.
- To enable Duo Security for customers, check Enable for Clients.
- Enter the Integration Key, Secret Key, and API Hostname you retrieved.
- Click Save Changes.
Enabling Duo Security as an Admin User
To enable Duo Security for an admin:
- Perform the steps above to configure Duo Security.
- Navigate to the My Account page within the WHMCS Admin Area.
- Click Enable Two-Factor Authentication.
- Follow the instructions to complete the setup process.
Enabling Duo Security as a Client
To enable Duo Security as a client:
- Log in to the WHMCS Client Area.
- Go to Account > My Account > Security Settings or, prior to WHMCS 8.0, My Account > Security Settings.
- Click Enable Two-Factor Authentication.
- Follow the instructions to complete the setup process.
On all future login attempts, the client will be asked to complete the Two-Factor Authentication process.
Troubleshooting
The second factor you supplied was incorrect. Please try again
Seeing this error when activating the DuoSecurity method for the first time indicates that the code does not match what DuoSecurity expects. This is caused by the time on your server not matching DuoSecurity's clocks.
You can see the time in the top-right corner of your WHMCS Admin Area. WHMCS retrieves this directly from your server's PHP configuration and you must ensure that the server time is synced exactly with UTC. For example, if the server time is 00:01 and the time at DuoSecurity is 00:00, you will see this error. Syncing the server with NTP to verify the time will resolve this.
Different timezones are taken into account, ensuring that these differences won't cause a problem.