1. Home
  2. Knowledge Base
  3. Security
  4. Setting up Two-Factor Authentication (2FA) in m-Power

Setting up Two-Factor Authentication (2FA) in m-Power

Overview

Two-factor authentication has become a popular method of providing an additional security layer in regards to user authentication. When a user authenticates via their username and password, a secondary form of authentication is prompted where the user must enter in a unique code that is sent to the user via email or text message.

This document will discuss steps on how to set up two-factor authentication in m-Power.

Using m-Power’s built-in 2FA requires that you are utilizing a non-SSO option for user authentication. For more information on the different options offered for user authentication, please see here.

Implementation

Step 1 – Editing your Security Settings

In the m-Power developer interface, navigate to Admin -> Menu & Security -> Edit Security Settings. In the Security Settings window that appears, use the Property Options -> Text Mode to open this file (the mrcSignon2.xml) in a text editor. This file will need the following code added to the bottom, inserted right before the final </mrc_signon> tag:

<two_step_auth>  	 
  <twoFactorAuthentication pdesc="twoFactorAuthentication" value="true"/> 
  <sendTextEmail pdesc="sendTextEmail" value="user-choice"/> 
  <emailSubject pagetype="template">2FA Test from m-Power</emailSubject>
  <emailBody pagetype="template">Here is your verification code: ${CODE}</emailBody>
  <smsTextBody pagetype="template">Here is your verification code: ${CODE}</smsTextBody>
  <expireInDays pdesc="expireInDays" value="31"/>
  <user_info_table tablename="DICTIONARY.MRCSEC1" col_user="USERID" col_email="USEREMAIL" col_phone="USERPHONE"/>
</two_step_auth>

Once this block of code has been added, save the editor and re-open the Edit Security Settings window. The Two Factor Authentication section should now be presented:

Security Settings with 2FA options

2FA Properties

All 2FA properties shown in the above figure are explained in detail below:

Email Subject

The subject text of the email that will be sent to the user containing the verification code. Only applicable when the Message Type Option is either “Email” or “Both”.

Email Text and SMS Text Body

This is the display text the user will be shown via SMS text and email, respectively. Each message may be modified to your liking.

The variable ${CODE} represents the authentication code that will supplied to the user. If you do not put it in there, it will append the code to the end of the body.

Two Factor Authentication

Enables or disables the user of 2FA within the current data dictionary.

Message Type Options

Use to select the verification options presented to the user. Choices are

  • SMS
  • Email
  • Both

Selecting both will allow the user to choose at runtime between SMS and Email for their verification code.

To send an SMS text message or an email to a user, the Messaging Configuration file in m-Power must be configured with either the SMS relay account information and/or the mail server information. See here for more information.

Two Factor Expiration

Use this option to specify the number of days before the 2FA cookie (set in the browser) will expire for the user and thus will require the user to re-authenticate via 2FA again.

For example, when a user signs in and authenticates against 2FA for the first time, here are some applicable options for this setting:

  • A value of 30 means 30 days from the initial sign on before the user’s next sign on attempt will require 2FA again. This number can be adjusted as desired.
  • A value 0 means no expiration date after the end-user’s initial 2FA. The user will never be presented with 2FA again, unless they attempt to access the application from a new device or new browser.
  • A value of -1 means 2FA will be prompted to the end-user on every sign on attempt.
Table and Column info

The table and columns that contain the user information, which m-Power will use for sending the user an email or SMS text message, must be specified here.

Step 2 – Setting up the 2FA screen

The screen that will presented to the end-user during the 2FA process is the mrcAuthentication.html file located in your dictionary folder, …/m-power/mrcjava/WEB-INF/classes/DICTIONARY, where ‘DICTONARY’ is name of your data dictionary. If this file is not within this directory, simply copy it from …/m-power/mrcjava/mrcclasses/ into your dictionary folder.

While not necessary, you may customize the style of this page to your liking, if desired. Here is an example of how that screen will look by default:

2FA screen

Step 3 – Add entry to web.xml file

Open the web.xml file, located in …/m-power/mrcjava/WEB-INF in a text editor and do a search for “mrc_auth2”.

The following servlet shown below must be listed in this file. If is it not listed, please copy the code and place this at the bottom of the file before the final </webapp> tag at the very bottom of the file.

<servlet>
  <servlet-name>mrc_auth2</servlet-name>
  <servlet-class>mrc.TwoFactorAuthentication</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>mrc_auth2</servlet-name>
  <url-pattern>/servlet/mrc.auth2</url-pattern>
</servlet-mapping>

Once the file has been saved, Tomcat will need to be restarted at this point.

Updated on July 23, 2024

Was this article helpful?

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support