Welcome to our Support Portal. Search for answers using the search box below, or create a support ticket if you cannot find your answer.
Two-Factor Authentication
Two-Factor Authentication will be mandatory on ALL FlowLogic instances from 01/01/2024
For any steps requiring changes to the system settings please consult the helpdesk team on 1300 552 166 or submit a ticket to "support@datanova.com.au"
- Enabling Two Factor Authentication
- A minimum, required level of 2FA can be selected for all users from the following list (which is shown in ascending order of security):
- None (No second factor is required that being the least secure option)
- Email/SMS only
- Google Authenticator or Email/SMS
- Google Authenticator only
- The second authentication factor is access to the user’s email address, phone number or the Google Authenticator app. The actual data that gets sent via Email/SMS/Google Authenticator is a six-digit code.
- Individual users can set a higher level of required 2FA for their own account but not a level that is lower than the system wide default.
- To set this system wide default:
- Log on as dnsadmin and select System Settings -> Users
- Use the dropdown menu entitled “Require these types of 2FA for all users” to select the required second factors:
- Click “Save Changes”
- A minimum, required level of 2FA can be selected for all users from the following list (which is shown in ascending order of security):
If you include Email/SMS as an option, the post save flash messages will include warnings that list those users who lack a mobile number and/or only use a no-reply email address:
- If the system is not configured for SMS, a warning to that effect will also appear after you save the settings and use of SMS to the user’s number as the second factor will not be offered as an option at login time.
- If you include use of Google Authenticator as an allowed second factor, the next successful ‘first factor login’ by a user will see them presented with a screen like this:
- Google Authenticator or Authy or another, similar app (but not Microsoft Authenticator) can be set up by the user using such a QR code.
- Setting “Days to Remember 2FA Success”
- While logging in with a second factor, a user may select an option to remember the successful authentication of same on that device for some number of days.
In the above example, another six-digit code will not be required to log in from the same device for the next 30 days. The definition of ‘device’ includes both machine and browser.
Use System Settings -> Users to configure the value of “Remember 2FA Success for this many days”. A setting of “Never” will ensure that option is not presented to the user.
- Setting “Permitted Social Logins”
- Users might also use a social account rather than a username and password as the first factor during log in (provided that the social account has the same email address and first and last name as their Flowlogic account). If 2FA is enabled, they will still need to provide a six-digit code as described above.
- At present, users can log in via their Google, Facebook or Microsoft social/personal accounts depending on a system configuration that allows them to do so. Use System Settings -> Users to configure the list of “Permitted Social Logins”:
In the above example, only Google and Microsoft are allowed so the system log in screen looks like this:
The username and password can still be the first factor of choice.
User Settings for FlowLogic Two Factor Authentication (2FA) and Log In via Social Account
- Setting the Required Level of Two Factor Authentication
- Your administrator will select a minimum, required level of 2FA for all users from the following list (which is shown in ascending order of security):
- None (No second factor is required that being the least secure option)
- Email/SMS only
- Google Authenticator or Email/SMS
- Google Authenticator only
- Your second authentication factor is access to your email address, phone number or your (appropriately configured) copy of the Google Authenticator app. The actual data that gets sent via Email/SMS/Google Authenticator is a six-digit code.
- You can set a higher level of required 2FA for your own account but not a level that is lower than the system wide default.
- To set a higher level of 2FA for your account:
- Log on to FlowLogic and select ‘My Profile’ from the dropdown menu with your name on it:
- Your administrator will select a minimum, required level of 2FA for all users from the following list (which is shown in ascending order of security):
Use the dropdown menu labelled as “Required Two Factor Authentication” to select a level of 2FA that is higher than the system wide minimum:
- Click “Save Preferences”
- In the above example, the user is setting a requirement for entry of a six-digit code received via Email/SMS or Google Authenticator App during the login process. This is a higher level of security than the default value of ‘None’ (that is, no six-digit code is required during login) as set by the system administrator.
- Once an option that includes use of the Google Authenticator app is selected and saved, a button to trigger the setup process for your copy of the Google Auth. App will appear:
Click the button entitled “Read a new QR code” before using Google Authenticator to read the code:
Click the button entitled “I have read the QR code” once you have done so to view the following:
Type a six-digit key from your newly configured Google Authenticator app into the box just below the QR code and hit the Enter key. Once you have done that, you are ready to use Google Authenticator during your next login.
Logging in and Setting “Days to Remember 2FA Success”
- After entering your password as usual during your next login, you will see a new screen requesting a six-digit code. You can get the required six-digit code from email, SMS or Google Authenticator as per the required level of 2FA that you set according to para 1.d.ii above. While logging in with that six-digit code, you may select an option to remember its successful authentication on that device for some number of days.
- In the above example, another six-digit code will not be required to log in from the same device for the next 30 days. The definition of ‘device’ includes both machine and browser.
- Your system administrator will set the number of days that your successful login can be remembered for. You are unable to change that number.
- Logging in With Your Social Account
- You might also use a social account rather than a username and password as the first factor during log in (provided that your social account has the same email address and first and last name as your Flowlogic account). If 2FA is enabled, you will still need to provide a six-digit code as described above.
- Your system administrator will configure which social accounts can be used for login to FlowLogic by selecting some combination of Google, Facebook or Microsoft social/personal accounts. You are unable to change that setting. For example, the following image shows a site with login via Google or Microsoft enabled:
Of course, the username and password can still be the first factor of choice.