Two-factor authentication

If two-factor authentication (2FA) is configured for your site, portal users can optionally enable it for their accounts. With two-factor authentication, the user receives a security code by text or email when they enter their user name and password on the login screen. They must then enter the security code to finish logging in.

To enable two-factor authentication, users can click the Enable Two Factor Authentication button in the Dashboard or the My Profile page. After clicking the button, the users selects a communication preference to receive a code to enable two-factor authentication. After 2FA is enabled, the Disable Two Factor Authentication is shown instead.

System administrators can also use the Portal User InfoViewer in Infor Public Sector to disable two-factor authentication for specific portal users. To open the Portal User InfoViewer, click the Portal Account link for a contact information record. To disable two-factor authentication in the Portal User InfoViewer, click Action and select Reset Two Factor Authentication.

Note: You cannot enable two-factor authentication for portal users in Infor Public Sector, only disable it if the user has enabled it in the portal.

Configuration

To configure two-factor authentication, edit the PortalSetup configuration for the Infor Public Sector site. Add the Two Factor Authentication node under the Portal User node and set the Enabled attribute to True.

See PortalSetup configuration.

The Notification Type attribute of the Two Factor Authentication node specifies the notification type to use to send security codes to users. This must match an active notification type that is defined under the NOTIFICATIONS node of the Hansen8 configuration.

The notification type in the Hansen8 configuration specifies the name of a template that is defined in the Notification Templates (RNT) page in Infor Public Sector. Default notification templates for two-factor authentication are provided for both email and text communications.

  • For email communications, use Portal_TwoFactorAuthentication_Email.
  • For text messages, use Portal_TwoFactorAuthentication_SMS.

Errors

If two-factor authentication is not configured correctly, the user will see this error message when they attempt to log in:

Login not possible. 2FA notifications are unavailable.

If site users report 2FA error messages, check these settings:

  • Ensure that 2FA is enabled in the PortalSetup configuration.
  • Check that the 2FA notification type specified in the PortalSetup configuration is configured correctly under the NOTIFICATIONS > Notification Types node in the Hansen8 configuration.

    Each notification type under the Notification Types node has one or more method nodes as children. Each method node defines a notification method (email or SMS) that is available for the parent notification type.

    To be effective a notification type must have the Enabled attribute set to True for at least one notification method. The Notification Template ID attribute on the notification method node specifies the template to use.

  • In the Notification Templates (RNT) page, ensure that the template specified for the notification method in the Hansen8 configuration is a valid notification template.
Note: We suggest that you consider disabling two-factor authentication in the PortalSetup configuration until the issue is resolved.