How to set-up 2FA Authentication

This section helps admin to set-up two factor authentication flow for the end users.

Two-Factor Authentication (2FA), in ZTrust, is a security process that requires users to provide two different forms of identification to access an account or system, such as a password and a push notification from the ZTrust Authenticator mobile application.

Use Case

  • Admin able to configure the 2FA authentication flow.

  • Users should be able to login by using the configured 2FA flow.

  • ZTrust supports the following as first factor authentication:

    • Username Password

    • Push Notification

    • QR Code

    • Email OTP

  • ZTrust supports the following as second factor authentication:

    • Push Notification

    • QR Code

    • NFC

    • Email OTP

    • TOTP

    • Biometric

Prerequisites

  • User needs to be present in realm where 2FA is to be configured

  • For Push Notification, NFC and QR

    • Admin needs to configure RabbitMQ in the Realm settings.

    • Users need to

      • Install ZTrust Authenticator app in their mobile device.

      • Set their mobile device as a primary device.

  • For TOTP

    • Users need to install ZTrust Authenticator app in their mobile device.

  • For Email OTP

    • Email ID needs to be configured in the user details.

  • For Biometric

    • Users first need to register their biometric details with ZTrust.

Configuration

  1. Click on Authentication in the sidebar.

  2. Click on the kebab menu (three dots) on the right side of the browser flow. Select Duplicate. A popup will appear.

  3. Provide a Name for the flow, "2FA Flow". Click Duplicate. You will be redirected to the new flow configuration.

  4. Delete everything under 2FA Flow forms.

  5. Click on the plus icon on the right side of the 2FA Flow forms. Select Add Sub-flow. A popup will appear.

  6. Provide a Name for the sub-flow, "Username Password flow". Click Add.

  7. Click on the plus icon on the right side of the Username Password flow. Select Add Execution. A popup will appear to select an execution.

  8. Search for Username Password Form, select it and click Add.

  9. Click on the plus icon on the right side of the 2FA Flow forms. Select Add Sub-flow. A popup will appear.

  10. Provide a Name for the sub-flow, "Push Notification Flow". Click Add.

  11. Click on the plus icon on the right side of the Push Notification flow. Select Add Execution. A popup will appear to select an execution.

  12. Search for Push Notification Authenticator, select it and click Add.

  13. Click on the settings menu (gear icon) on the right side of the Push Notification Authenticator. A popup will appear to configure the push notification settings.

  14. Provide an Alias. Set Expires in (in seconds) and click Save.

  15. Change Requirement of the Push Notification Authenticator from Disabled to Required.

  16. Change Requirement of the Push Notification flow from Disabled to Required.

  17. Change Requirement of the Username Password flow from Disabled to Required.

  18. Click on the Actions, on the top right of the page, and then Bind flow. A popup will appear.

  19. Select the Browser flow as the binding type and click Save.

Two-factor authentication with Username, password and Push Notification is now enabled.

PreviousSetup of Biometric based AuthenticationNextZTrust Authenticator

Last updated