Can 2FA Be Used in the eBA Mobile App?
To use the Google 2FA infrastructure when logging in to the eBA Mobile application, the following guidelines must be followed.
1) Server-Side Things to Do
- Valid in current versions of eBA.
- The following keys should be added to the eBAConfiguration Editor > Advanced > Security tab.
- The CustomMFA field should be created and the MFAMode information should be set to Google.
- In eBA Interface > Document Management, the Turkish.txt and English.txt files should be located in the system/settings/2FA mail templates folders. These files are included with the appropriate setup/update files.
- The properties specified in Figure 2, named Multi Factor Authentication Enable and Multi Factor Auth Activated, should be defined via eBA System Manager. Once a property is defined, it must be selected as a User Property.
eBA System Manager > Property Definitions > Properties
MultiFactorAuthEnable is the property that is required for the processes to be active. MultiFactorAuthActivate is required for the e-mail that contains barcode information for the user. This property should be inactive at the time the settings are made. After all the settings are made, the user receives an e-mail with barcode information when they next try to log in. As soon as the mail is sent to the user, this property is automatically activated, which prevents the mail from being sent at each login. If the mail needs to be sent to the user again, this property should be disabled in the user settings in System Manager. (Detailed information is available under Account Reset/Recovery.)
2) Client-Side Things to Do
- The current version of the eBA Mobile app, which can be downloaded from Google Play and/or Apple Store platforms, must be installed on the mobile device.
- The Google Authenticator application, which can be downloaded from the same platforms, must be installed on the mobile device.
3) Example Use Case
The user attempting to log in to the eBA from their mobile device will be prompted for a 2FA Verification Key.
To obtain this key at the first login, the user must scan the QR code sent to their e-mail address with the Google Authenticator application installed on their mobile device.
From the scanned QR code, the Google Authenticator application derives Verification Keys that expire periodically.
The user then logs in to the eBA from their mobile device using the current verification key.
4) Account Reset/Recovery
If the user deletes the Google Authenticator app from their device, changes their device, etc., and loses the key they registered by scanning the QR code, they can register again with the QR code generated for their account, provided they kept the first e-mail that was sent. If they did not keep the mail, the system can send the QR code by e-mail again: when the Multi Factor Auth Activated property defined for the user is unchecked via eBA System Manager, the e-mail is sent again on the user's first login attempt.
eBA System Manager > Organization Management > Users > User Details