Coming soon: Your brand new Help Center & Community! Get a sneak-peek here

Customer portal and 2-factor validation

Hi

 

Does anyone have experience or know if it is possible to configure 2-factor validation for login to customer portal.

For instance requiring a SMS with a code each time a login is performed?

Thanks in advance.

Best regards

Ole

RE: Customer portal and 2-factor validation

Hi,

In service, there is a trigger which allows you to intercept the authentication to the customer portal:

Using it, you can redirect to a custom page you can create that gets the 2FA credentials (i.e. sends an SMS or similar), and then authenticate. We have implemented a customization using this for a customer who is using Cisco DUO on their customer portal for logins.

Sverre

Von: Sverre Hjelm 7. Mai 2021

RE: Customer portal and 2-factor validation

Hi Sverre

 

Thank for the prompt reply on this. 

Do you have some more details about the actual implementation, is it something that we as a SuperOffice customer can get access to (through a subscription or otherwise) and what does it require - I'm not familiar with Cisco Duo but have just asked our provider of Cisco solutions about this part?

 

Best regards

Ole

 

Von: Ole Ejlersen 7. Mai 2021

RE: Customer portal and 2-factor validation

Hi,

The implementation was done as a consultancy job for a customer, so I cannot give you the code. It is a bit tricky, and there are some technical details to work out, but in short it works like this:

  1. The trigger is called when a successful login to the portal has been made (i.e. the customer submittet correct username and password). This is the first authentication. The trigger just redirects to a new custom page (customer.fcgi?action=safeParse...).
  2. The new page that you get redirected to can show the 2FA authentication. In our case, this is done by using some custom javascript and iframe stuff that Cisco DUO provides. Then the whole 2FA process is managed by this code.
  3. Finally, when their auth is done, they are redirecting to a URL we specified in #2. This URL is another custom page, which then finalizes the login and redirects the customer to the logged in welcome page.

Sverre

Von: Sverre Hjelm 10. Mai 2021

RE: Customer portal and 2-factor validation

Hi Sverre

Thank you for the answer. I did look into Cisco solution but the cost will be massive for this and I'll have to look at other solutions like one of the authentification applications that exists on the market and user typically have on their mobile phones. 

Do you have anyone with something like this implemented or a solution for it?

I'm actually wondering why this isnt built into the solution already - is it on the roadmap.

 

Best regards

Ole

 

Von: Ole Ejlersen 12. Mai 2021

RE: Customer portal and 2-factor validation

Hi Ole,

Let me be specific: using Cisco DUO is not a requirement. It was only the choice of our customer. The most important part of what I wrote is how to create 2FA for the customer center. I am pretty sure you could create your own 2FA by sending an SMS with a random code to the user in the trigger script (and also storing it somewhere), and then prompt for that code in a custom screen.

I am not sure if 2FA for the customer center is on the backlog. Michel?

Sverre

Von: Sverre Hjelm 12. Mai 2021

RE: Customer portal and 2-factor validation

Hi,

2FA is not specifically on the backlog, but we are discussing different methods for authentication on Customer centre. 

Von: Michel Krohn-Dale 14. Mai 2021