Securing Your iVendNext Account with Two-Factor Authentication (2FA)

Overview

Enable Two-Factor Authentication (2FA) to add an extra layer of protection to your account. It helps prevent unauthorized access by requiring more than just a password. This article will show you how to set up 2FA for safer access to your business data.





1. Understanding Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security process that requires two different authentication factors to verify a user's identity. Think of it as having two locks on your door instead of one. Even if someone manages to figure out your password (the first factor), they would still need the second factor to gain access. This significantly reduces the risk of unauthorized logins.


The two common categories of authentication factors are:


  • Something you know: This is your password or a PIN.

  • Something you have: This could be a security token, a smartphone receiving a one-time code, or a biometric scan.


iVendNext offers several methods for implementing the second factor of authentication, which we will explore in detail below.




2. Why You Should Enable 2FA for iVendNext

Enabling 2FA for your iVendNext account offers several key benefits:


  • Enhanced Security: It significantly reduces the risk of unauthorized access, even if your password is compromised [1].

  • Protection Against Phishing: Even if you inadvertently enter your password on a fake website, the attacker will not be able to log in without the second factor.

  • Compliance Requirements: In some industries, 2FA is a mandatory security requirement for compliance.

  • Peace of Mind: Knowing that your account is protected with an extra layer of security can provide greater peace of mind.


Highlight: Enabling Two-Factor Authentication is a simple yet highly effective step you can take to significantly improve the security of your iVendNext account.




3. Enabling Two-Factor Authentication in iVendNext: A Step-by-Step Guide

The process of enabling 2FA in iVendNext involves a few key steps. Please follow the instructions below carefully.


3.1. Activating 2FA via Command Line

The initial activation of 2FA for your iVendNext site needs to be done using a command-line interface.


  1. Access your server: If you have a self-hosted iVendNext account, access the server where iVendNext is installed.


  2. Run the command: Open a terminal or command prompt and navigate to your iVendNext installation directory. Then, run the following command, replacing [sitename] with the name of your iVendNext site [1]:


bench --site [sitename] set-config enable_two_factor_auth true


This command activates the 2FA feature for your specified iVendNext site.


3.2. Configuring 2FA Methods in System Settings

After activating 2FA via the command line, you need to configure the preferred method of OTP (One-Time Password) validation within the iVendNext System Settings.


  1. Log in as an Administrator: Log in to your iVendNext account as an Administrator [2].


  2. Navigate to System Settings: Go to the "Home" screen and search for or navigate to "System Settings".


  3. Go to the "Login" Tab: Within the System Settings, click on the "Login" tab.



  4. Specify OTP Validation Method: Under the "Two Factor Authentication" section, you will find options to choose the method of OTP validation [1]:


  • OTP App: This method uses a Time-based One-time Password (TOTP) generated by an authenticator app on your smartphone (e.g., Google Authenticator, Authy, LastPass Authenticator, Duo Mobile) [1, 3]. This is generally considered the most secure method.

  • Email/SMS: This method uses a Hash-based One-time Password (HOTP) sent to your registered email address or phone number via SMS [1].


  5. Configure Additional Settings (if applicable):


  • Expiry Time for QR Code (for OTP App): If you choose "OTP App", you can specify the expiry time for the QR code displayed during the initial setup [1]. This is a security measure to prevent unauthorized scanning of the QR code. The default is often sufficient.

  • OTP Issuer Name (for OTP App): You can also specify the name that will be displayed in your authenticator app for your iVendNext account [1]. This helps you easily identify the source of the OTP.


  6. Save Settings: Once you have configured your preferred OTP validation method and other relevant settings, click the "Save" button.


3.3. Enabling 2FA for Specific Roles

Upon activation of 2FA, it is automatically enabled for the "All" role in iVendNext, meaning all users, including the Administrator, will be required to use a token for login. You can, however, customize this to require 2FA for specific roles only.


  1. Navigate to Role List: Go to "Users" and then "Role".


  2. Select the "All" Role: Find and open the "All" role.


  3. Disable 2FA for the "All" Role (Optional): To restrict 2FA to specific roles, uncheck the "Two Factor Authentication" checkbox in the "All" role and click "Save" [1, 4].



  4. Enable 2FA for Other Roles (as needed): Open the specific roles for which you want to enforce 2FA and check the "Two Factor Authentication" checkbox. Click "Save". This allows you to have different security requirements for different user groups within your organization.


Important Note: 2FA does not apply to login by Web Users and API login.


3.4. Setting up 2FA as a New User

When a new user (or an existing user after 2FA is enabled for their role) tries to log in to iVendNext for the first time with OTP App as the chosen method, they will need to register their device.


  1. First Login Attempt: The user will enter their username and password as usual.


  2. QR Code Generation: If OTP App is selected, iVendNext will generate a unique QR code for the user. An email containing a link to this QR code will be sent to the user's registered email address.


  3. Scan the QR Code: The user needs to open their chosen authenticator app on their smartphone and scan the QR code either from the email link or directly on the screen (depending on the login interface).


  4. Enter the OTP: Once the QR code is scanned, the authenticator app will start generating time-based one-time passwords (OTPs). The user needs to enter the current OTP displayed in the app into the iVendNext login screen.


  5. Verification and Login: If the OTP is correct, the user will be successfully logged into their iVendNext account. The authenticator app will continue to generate new OTPs at regular intervals for future logins.


If Email/SMS is used as the authentication method, the OTP will be sent directly to the user's registered email address or phone number upon their second login attempt after entering their password. They will then need to enter this OTP to complete the login process.


3.5. Ensuring SMS and Email Settings are Correct (if applicable)

If you choose to use Email or SMS for 2FA, it is crucial to ensure that your outgoing email account settings and SMS settings are correctly configured in iVendNext [4]. Incorrect settings will prevent users from receiving the OTPs. You can configure these settings within the System Settings.




4. Frequently Asked Questions (FAQ)

Que. I am unable to log in even after following the entire process.

Ans: iVendNext uses a TOTP-based OTP algorithm, which relies on your device's system time. Please ensure that the time set on the device you are using (your smartphone for the authenticator app) is synchronized with the time on your iVendNext server. Any significant time difference can cause the generated OTPs to be invalid.



