Two-factor authentication (2FA)
Users can now use 2FA with Google Authenticator (or another authenticator app that supports time-based one-time passwords, TOTP) to add two-step verification when signing in to GpsGate Server for added security.
Deploy 2FA at the server level
An administrator user can update this setting from within any application.
1. From the main menu, choose Server Administration → Account → Settings
2. Go to the Security tab. Click Allowed to make changes, and enter your password to make modifications.
3. Enable 2FA and enter the issuer.
The 2FA issuer name will be used with your authenticator app.
Enable two-factor authentication per application
2FA can be enabled or left disabled for each application individually. To enable it, follow these steps:
- Go to Site Admin → privileges and features of the application → Admin → _Use2FAManager, and enable it.
- Save your application.
Enable 2FA for your account (end user)
- Log in to your Vehicle Tracker application (with the end user account).
- Click on Settings in the drop-down menu under your username.
- Select Two-factor authentication.
- Toggle the switch Enable 2FA to On, and enter your password to continue.
- Follow the instructions in the 2FA setup screens.
- Scan the QR code with Google Authenticator (or another authenticator app).
- Enter the 6-digit verification code and click Complete.
2FA is now enabled on your account and will be active the next time you log in. Save the backup codes so that you can recover your account if you lose your authenticator device.
Note: When you enable 2FA, it will be used in every application the user belongs to.
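The enrollment steps above (issuer name, QR code, 6-digit code) map onto standard TOTP as follows. This is an added example, not GpsGate code: it assumes the common otpauth:// key URI format and the RFC 6238 defaults (HMAC-SHA1, 30-second step), which this page does not state, and the function names, account name, issuer and secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# Constructed sample secret: the RFC 4226/6238 test key, Base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// URI that an enrollment QR code encodes.

    The issuer is the label the authenticator app shows next to the code.
    """
    label = quote(f"{issuer}:{account}")
    params = urlencode(
        {"secret": secret_b32, "issuer": issuer, "digits": 6, "period": 30},
        quote_via=quote,
    )
    return f"otpauth://totp/{label}?{params}"

def totp(secret_b32, at, digits=6, period=30):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, assumed default)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // period)   # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at, window=1, period=30):
    """Server-side check: accept the current step and +/- `window` steps
    to tolerate clock drift, comparing in constant time."""
    return any(
        hmac.compare_digest(totp(secret_b32, at + i * period).encode(), code.encode())
        for i in range(-window, window + 1)
    )

if __name__ == "__main__":
    print(provisioning_uri(SAMPLE_SECRET, "alice", "Example Fleet"))
    print(totp(SAMPLE_SECRET, 59))                   # RFC 6238 test time
    print(verify(SAMPLE_SECRET, "287082", 89))       # one step late, accepted
```

Under this format the QR code carries the shared secret itself, so a screenshot or photo of the enrollment screen is equivalent to the authenticator device and should be handled like a password.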
Log in using 2FA (end user)
With 2FA enabled, you will be asked to verify your identity with your authenticator app. You will be presented with the following screen:
Enter the 6-digit 2FA challenge from your authenticator app to log in.
Note: Checking the option "Remember this device for 30 days" will pause verification for a month.
Disable 2FA for the user
- Log in to your Vehicle Tracker application.
- Click on "Settings" in the drop-down menu under your username and select "Two-factor authentication".
- Toggle the switch Enable 2FA to Off, and enter your password to confirm that it is you.
2FA is now disabled for your account. You can re-enable it by toggling the Enable 2FA switch again.
Administration of 2FA users inside the application
As an administrator, you can check which users have 2FA enabled and remove the 2FA requirement for users (for example, if they have lost their credentials).
1. Select Admin → Two-factor Authentication Manager to see the list of users with 2FA enabled.
2. To remove 2FA for a user, click on the remove icon.