This article will show how to configure your Hypersocket product to use two factor (or more) authentication when logging in to the various interfaces and clients that are available.
Step 1: Identifying the authentication modules
The Authentication processes that are currently configured can be viewed from the Authentication page.
By default each authentication process uses Username and Password, on the right of the screen is a list of the modules that are available.
The colour of each module indicates how and where it can be used:
Yellow – Establishes the user’s identity, can only be used with Green authentication modules
Green – Authentication that requires a secret that is known to the user, Password, PIN, Security Questions, etc. Can be used with Yellow and Blue authentication modules
Blue – Authentication requiring the username and a secret on the same page, can be used with Green authentication modules
Red – Provides a different type of authentication and must be used alongside another Green or Blue authentication module
Step 2: Adding Authentication Modules
Select the module that you wish to add as the second level of authentication and select the + to add it into the authentication flow, and select the Save option. The flow should now look something like this.
In this case, when the user logs in the first page will prompt for their username and password, then on the next page the prompt will be for the PIN set in their account.
What are the different Authentication Schemes?
So far we have only been dealing with the Browser Authentication Scheme, this is only used when logging in to the Hypersocket server through the web interface. Each Hypersocket product has a number of different ways to access the server and each of these has an associated Authentication Scheme and modules available. On this server we have WebDAV and Client schemes available.
What Modules are Available for Authentication?
Password - Standard Password authentication that allows the user to use their account password to login to the Hypersocket server.
PIN - The user can set a PIN in their account, when authenticating the user will be prompted to provide this to complete authentication.
One Time Password (OTP) - OTP authentication generates a password that has one use and sends it to the users email or phone (via SMS). This password must be provided in order to login.
reCAPTCHA - Uses the Google reCAPTCHA authentication to provide an image with letters or numbers that user must provide to prove they are human.
Security Questions - User user must set answers to a series of questions, when authenticating the system will select random questions to be asked that the user will need to provide the correct answers for.
Duo - Allows the Hypersocket server to integrate with third party Duo authentication
Yubico - Allows the Hypersocket server to integrate with third party Yubico authentication
SAML - Allows the server to authenticate against any SAML 2.0 Identity Provider