Configuring authentication options

The Access Management module allows you to configure either two-factor authentication or passwordless authentication.

Overview of the authentication options
  Passwordless authentication Two-factor authentication

Description

  • Passwordless authentication: Authentication with a mobile device or a Yubikey security key, without need for a password

  • Two-factor authentication: An extra authentication step in addition to a simple password

External protocol compatibility

LDAP

 

SAML

 

Kerberos

 

Available authentication modes

SMS security code

TOTP security code

Security key

Please note

Allowing an authentication option on your workspace gives you the possibility to personalize the configuration of each user file. On the other hand, requiring the use of an authentication option will make this option mandatory for all workspace users.

General presentation of the authentication options

SMS security code

The SMS code allows the user to receive a security code over the mobile phone network, without needing an internet connection. If the code is not properly received via SMS, the user can request a phone call instead from the SMS code entry page.

Receiving the code

Entering the code

If authentication via SMS security code fails five times in a row, the account will be locked. Users can unlock their account by requesting intervention from an Administrator or by successfully logging in with a new security code sent via email.

Note

The SMS security code is an add-on module, which is only available if activated for your workspace beforehand.

TOTP security code

The TOTP security code (Time-based One-Time Password) is compatible with any authentication app that generates security codes (e.g. Oodrive Authenticator, Google Authenticator, Microsoft Authenticator, etc.).

We recommend the Oodrive Authenticator application, specially developed to enable your users to authenticate to Oodrive via TOTP security code.

Generating the TOTP code

Entering the TOTP code

To use this authentication mode after first logging in, the user must follow the steps below.

Step 1: Download to smartphone

The user downloads the authentication app of their choice to the mobile device.

Step 2: Log in to the workspace via web browser

The user goes to the workspace login page and logs in using their company credentials or their Oodrive credentials.

Step 3: Associate the authentication app with the workspace

When using this authentication mode for the first time, the user will be directed to the two-factor authentication page below:

Using the authentication app previously downloaded to their smartphone or tablet, the user can scan the QR code displayed on this page to associate the mobile authentication app with the workspace.

The next time the user signs in, after entering their login credentials, they will be able to directly access the two-factor authentication page to enter the temporary code generated by their authentication app.

If authentication via TOTP fails five times in a row, the account will be locked. Users can unlock their account by requesting intervention from an Administrator or by successfully logging in with a new security code sent via email.
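How a code from an authentication app is checked, and how the five-failure lockout described above behaves, shown as an added example that is not part of the original page and is not Oodrive's code. It follows RFC 6238 with the common defaults (HMAC-SHA1, 30-second step, 6 digits); those parameters, the drift window, the replay guard and the names `TotpVerifier`, `verify` and `unlock` are assumptions.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 5  # from the page: five failures in a row lock the account


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1, RFC 4226 truncation) for the step containing `now`."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical server-side check for one user (assumed design)."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window   # assumed tolerance: +/- one step of clock drift
        self.failures = 0      # consecutive failed attempts
        self.locked = False
        self.last_step = -1    # newest time step already accepted (replay guard)

    def verify(self, code: str, now: float, step: int = 30) -> str:
        if self.locked:
            return "locked"    # even a correct code is refused until unlock
        current = int(now // step)
        for s in range(max(0, current - self.window), current + self.window + 1):
            good = hmac.compare_digest(totp(self.secret, s * step, step), code)
            if good and s > self.last_step:
                self.last_step = s
                self.failures = 0  # "in a row": a success resets the count
                return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
            return "locked"
        return "rejected"

    def unlock(self) -> None:
        """Stands in for the administrator unlock described on the page."""
        self.locked = False
        self.failures = 0


SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real credential
```

The email-based unlock path mentioned above is not modelled here.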

Note

If a user loses or changes their mobile device, please contact your workspace provisioning manager.

Yubikey security key

Authentication via security key is only available on the following browsers:

  • Google Chrome version 67

  • Mozilla Firefox version 60

  • Microsoft EdgeHTML 18

When first logging in with this authentication mode, the user must follow the steps below.

Step 1: Log in to the workspace via web browser

The user goes to the workspace login page and logs in using their company credentials or their Oodrive credentials.

Step 2: Insert the security key

The user is prompted by the browser to insert their security key into the computer.

Step 3: Enter the PIN code

When using their security key for the first time, the user will be prompted to create a PIN code. To do this, they must enter a new PIN code, then confirm it.

Next time they log in, the user will simply need to insert their key and enter the PIN code they just created.

Step 4: Touch the security key

The user touches their key to complete the authentication process. The user then accesses the workspace.

Note

Authentication via security key is an add-on module, which is only available if activated for your workspace beforehand.

Configuring two-factor authentication

Two-factor authentication allows you to enhance the security of your platform by adding an extra authentication step in addition to a simple password.

There are two ways to configure two-factor authentication:

  • Allow activation of a second factor, so that the provisioning manager of your workspace may choose whether or not to activate two-factor authentication for a user.

  • Require the use of two-factor authentication for all workspace users, in which case the provisioning manager will be required to select a dual authentication mode for each user.

Allow activation of a second authentication factor

If you allow two-factor authentication, the provisioning manager of your workspace may choose whether to activate it for a user.

  1. In the Access Management module, click on the Two-Factor Auth. section.

  2. Select the Enable two-factor authentication option.

  3. Select Authorize the selection of a second authentication factor.

  4. Select the authentication mode(s) that you would like to make available to the provisioning manager (SMS, TOTP Code and/or Security Key).

  5. Click Save along the bottom of the page.

Return to the Two-Factor Auth. section to modify or disable two-factor authentication.

Require a second authentication factor for all users

If you require the use of two-factor authentication, the provisioning manager of your workspace must select a dual authentication mode for each new user.

Careful

For older user accounts (created before a second factor was required), the second factor will not be activated until the provisioning manager updates their user file.

  1. In the Access Management module, click on the Two-Factor Auth. section.

  2. Select the Enable two-factor authentication option.

  3. Select Require two-factor authentication.

  4. Select the authentication mode(s) that you would like to make available to the provisioning manager (SMS, TOTP Code and/or Security Key).

    Careful

    If the security key or the SMS code is required as the only authentication mode, user accounts without access to a Yubikey device or without accurate, up-to-date mobile phone numbers will not be able to log in to their workspace.

  5. Click Save along the bottom of the page.

Return to the Two-Factor Auth. section to modify or disable two-factor authentication.

Configuring passwordless authentication

Passwordless authentication allows workspace users to log in using their mobile device or their Yubikey security key, without having to provide their password.

Note

Users created through an external authentication protocol can’t use passwordless authentication.

There are two ways to configure passwordless authentication:

  • Allow passwordless authentication, so that the provisioning manager of your workspace may choose whether or not to activate passwordless authentication for a user.

  • Require passwordless authentication for all workspace users, in which case the provisioning manager will be required to select an authentication mode for each user.

Allow passwordless authentication

If you allow passwordless authentication, the provisioning manager of your workspace may choose whether to activate it for a user.

  1. In the Access Management module, click on the Two-Factor Auth. section.

  2. Select the Enable two-factor authentication option.

  3. Select Authorize the selection of a second authentication factor.

  4. Select the authentication mode(s) that you would like to make available to the provisioning manager (SMS, TOTP Code and/or Security Key).

  5. Select the Passwordless option.

  6. Click Save along the bottom of the page.

Return to the Two-Factor Auth. section to modify or disable passwordless authentication.

Require passwordless authentication

If you require the use of passwordless authentication, the provisioning manager of your workspace must select an authentication mode for each new user.

Careful

For older user accounts (created before a second factor was required), passwordless authentication will not be activated until the provisioning manager updates their user file.

  1. In the Access Management module, click on the Two-Factor Auth. section.

  2. Select the Enable two-factor authentication option.

  3. Select Require two-factor authentication.

  4. Select the authentication mode(s) that you would like to make available to the provisioning manager (SMS, TOTP Code and/or Security Key).

    Careful

    If the security key or the SMS code is required as the only authentication mode, user accounts without access to a Yubikey device or without accurate, up-to-date mobile phone numbers will not be able to log in to their workspace.

  5. Select the Passwordless option.

  6. Click Save along the bottom of the page.

Return to the Two-Factor Auth. section to modify or disable two-factor authentication.