Configuring Multi-Factor Authentication
Multi-Factor Authentication requires users to both know something and have something. Usually, this is a password and a device or service, like a mobile phone or an email address. To log in, users must supply their passwords and a code sent to this device.
Liferay supports both one-time codes through email and third-party services that support SMS or authenticator apps. See Using Multi-Factor Authentication to learn more.
Clarity Vision Solutions has come a long way from its days selling frames out of a garage. Now with many employees and customers, the IT department is requiring MFA as part of its enhanced security efforts.
Setting Up MFA
- Follow the steps in Configuring Mail in Liferay to simulate an SMTP mail server.
- Log in to Liferay as the administrator (i.e. Kyle Klein).
- Next, navigate to Global Menu → Control Panel → Instance Settings. Click Multi-Factor Authentication under the Security section.
- Tick the Enabled box and click Save. See Enabling Multi-Factor Authentication to learn more about the configuration options.
Note: Before proceeding, make sure you can successfully receive email through FakeSMTP. Otherwise you risk locking yourself out of the system.
Testing the MFA
- Click the user profile image in the top right and click Sign Out.
- Sign back into Liferay as the administrator (i.e. Kyle Klein).
- On the next page, click Send for Liferay to send the one-time password to kyle@clarityvisionsolutions.com.
- Get the one-time password from the sent email.
- Copy and paste the one-time password onto the login page. Click Submit. You have successfully logged into Liferay.
Logging in for the rest of the course will be difficult with Multi-Factor Authentication enabled. When finished with this exercise, go back and uncheck the Enabled box and click Save to disable Multi-Factor Authentication.
Awesome! You have now completed the Authentication module.