Security Manager

Two-Factor Authentication Setup

Two-Factor Authentication increases system security by requiring users to validate their identity beyond entering their user name and password before they are allowed to log on. When Two-Factor Authentication is set up and a user is logging on, the system sends the user an email or text message to confirm authorization. See Security Sign On.

(Two-Factor Authentication Setup was added in PxPlus 2023.)

To set up Two-Factor Authentication, click the Two-Factor Authentication Setup button in User Maintenance. This button is available only to users with the ADMIN classification.

The following window displays:

This window consists of the following:

Authentication Required

This option controls whether Two-Factor Authentication will be set up or disabled on the system. Click the drop-down arrow for a list of selections:

Disabled	*(Default)* Two-Factor Authentication is not set up.
Optional by user	Two-Factor Authentication is determined on a user-by-user basis, depending on the Verify drop box selection in User Maintenance.
Mandatory	Two-Factor Authentication is required for all users. All users *must* provide a verified email address and/or SMS phone number before they are allowed to log on.

Application Name

Enter the application name that will be used in verification emails and/or text messages sent to users.

Email Server

Define the email server that will be used to validate the user:

SMTP Server	Internet address of the email server to use to send out email verification requests.
Port Number	Port number to use to connect to the email server. Generally, this will be 465 for a secure connection or 587 for a START TLS connection. *(Default: 465)*
Use SSL/TLS	Indicates if you want to connect to the email server securely, thereby encrypting all communications between your system and the server. *(Defaults to On - Recommended)*
Send From	Email address that you want the system to use as the "From" address in any emails that are sent.
Userid	User ID that is needed to sign on to the email server. Generally, this will be the same as the Send From email address. *(Defaults to the Send From address)*
Password	Password associated with the User ID. It will be saved in an encrypted format in the system control file to minimize the potential of it being exposed. Click the Password eye button to toggle between displaying an encrypted and unencrypted password. This is useful for checking that the password is entered correctly.
Test Email	Button that invokes the Test Email window for entering an email address to send a test email to (defaults to the Send From email address). It is strongly recommended to use this button to ensure the settings are correct before saving:

SMS Text Message Server

Define the SMS server that will be used to validate the user:

SMS Provider

Service provider that will be used to issue your SMS messages.

Important Note:
You must first set up an account with any service provider you choose from the list of providers on the *TOOLS/SMS Help page.

Account Information

Account information as required by the selected service provider.

Important Note:
See the *TOOLS/SMS Help page for details on the format of this field when entering account information, as this varies based on the service provider chosen.

Test SMS

Button that invokes the Test SMS window for entering a phone number to send a test SMS message to. It is strongly recommended to use this button to ensure the settings are correct before saving:

Authentication Duration New/Expired Devices

Note:
Applies only to users with the Verify option in User Maintenance set to On new/expired device.

When a user is authenticated, the system can be set to defer future authentication requests for a period of time (Minutes, Hours or Days), depending on the device the user used. This can range from 0 minutes (forces re-authentication ever time the user logs on) to 99999 days (effectively never ask again).

The period chosen can be different when the user is on a Desktop system (using NOMADS) or a Web Browser (using iNomads).

Save

Saves the settings and closes the Setup Two-Factor Authentication window.

Cancel

Closes the Setup Two-Factor Authentication window without saving changes.

Security Manager

Important Note: You must first set up an account with any service provider you choose from the list of providers on the *TOOLS/SMS Help page.

Important Note: See the *TOOLS/SMS Help page for details on the format of this field when entering account information, as this varies based on the service provider chosen.

Note: Applies only to users with the Verify option in User Maintenance set to On new/expired device.

See Also

Important Note:
You must first set up an account with any service provider you choose from the list of providers on the *TOOLS/SMS Help page.

Important Note:
See the *TOOLS/SMS Help page for details on the format of this field when entering account information, as this varies based on the service provider chosen.

Note:
Applies only to users with the Verify option in User Maintenance set to On new/expired device.