Two factor authentication (also known as 2FA) is a method of confirming a user's identity by using a combination of two components. PageUp offers our clients the ability to implement two factor authentication, increasing security by asking for an additional authentication factor and making it more difficult for others to gain unauthorised access to your PageUp account. PageUp predominantly supports two factor authentication by asking users to enter a security token in addition to their username and password.
Enabling IP Restriction
To setup two factor authentication, you need to first enable restriction by Internet Protocol (IP) Address. Depending on which portal you are looking to implement the IP restriction and two factor authentication, add the allowed IPs to the respective features below:
- Login subnet filtering (Admin system)
- Login subnet filtering (Employee Self-Service)
To enable 2FA via token when users are outside of the subnets (specified in the features above), enable the System settings feature External subnet access.
To enforce 2FA for all login attempts, add a local IP that no user will ever be in.
Once enabled and a user tries to log in, they will receive the following message: You have attempted to access the system from outside an approved network. and will be asked to enter a token.
Note: Users must have either a mobile number or email set up in their profile for 2FA to take effect.
Example SMS: 123456789 is your security token from PageUp People for access to the system. The token is valid for 10 minutes from the time of request, 5:02pm 29 Mar 2018.
Note: SMS charges apply as stipulated in the ASP Agreement
For PageUp Admin to test this, you need to be outside the PageUp network or disable the feature Override login subnet filtering from PageUp office.
Our 2FA does not send a new token when the token is entered incorrectly by a user.
If you need any assistance in setting up this configuration, please contact PageUp.