DuoSecurity

From WHMCS Documentation

Revision as of 14:05, 15 September 2016 by John (talk | contribs) (Created page with "DuoSecurity will prompt you for a phone number and option to receive a text or phone call. After the text or phone call is received, input the authentication code to proceed....")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

DuoSecurity will prompt you for a phone number and option to receive a text or phone call. After the text or phone call is received, input the authentication code to proceed.

A second optional page at initial login will prompt to download the DuoSecurity mobile application which performs push notifications allowing you to restrict or allow access under your user from your phone.

You will require your own Duo Security account, they are available free of charge and allow up to 10 users to authenticate: Signup Here.

Configuration

First Login to your account on the DuoSecurity website:

  1. Click Applicaitons in the left sidebar
  2. Click Protect an Application
  3. Under Auth API Click Protect this Application
  4. Take note of the Integration Key, Secret Key and API hostname values.

Now login to your WHMCS Admin area as a Full Administrator user:

  1. Navigate to Setup > Staff Management > Two-Factor Authentication
  2. Click the "Activate" button next to Duo Security
  3. Enter the Integration Key, Secret Key and API Hostname you noted down earlier into the corresponding fields.

Common Errors

The second factor you supplied was incorrect. Please try again

Seeing this error when activating the DuoSecurity method for the first time means that the code being entered does not match that which DuoSecurity expects. This is caused by the time on your server not matching DuoSecurity's clocks

You can see the time in the top-right corner of your WHMCS admin area, it's taken directly from your server's PHP configuration. So you must ensure the server time is synced exactly with UTC. For example if the server time is 00:01 and the time at DuoSecurity is 00:00 you will see this error. Syncing the server with NTP to ensure the time is exactly right will resolve this.

Different time-zones are taken into account, so time-zone differences won't cause a problem.