
Two-Factor Authentication for User Portal


Enable two-factor authentication for user portal 

To enable two-factor authentication for logging into the user portal

If you are planning to enable DUO Security as the two-factor authentication mechanism, first set up FileCloud to use DUO Security Service (instructions below).

  1. In the FileCloud admin portal's left navigation bar, scroll down and click Settings. Then, on the Settings navigation page, click Policies.
    The Policies page opens.

  2. Edit the policy assigned to the users who you want to use 2FA.

  3. Click the 2FA tab.

  4. Under the 2FA heading, change the Enable Two Factor Authentication drop-down box to Enabled.

  5. In Two Factor Authentication Mechanism, choose Email, TOTP (Authenticator App), DUO Security or SMS Security.


  6. If you choose SMS Security and users are permitted to create accounts, add the following setting that enables users to add a phone number when creating a share with an external user:

  • Open the configuration file:
    Windows: XAMPP DIRECTORY/htdocs/config/cloudconfig.php
    Linux: /var/www/config/cloudconfig.php

  • Add the line:

    define ("TONIDOCLOUD_ENABLE_2FA_SMS_SHARE_INVITES", TRUE);
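
One way to apply step 6 on a Linux server, as an added example that is not FileCloud's own tooling: the hypothetical functions `sms_invite_state` and `enable_sms_invites` read the current define, back up the file, and write the line exactly once. It assumes cloudconfig.php is a single PHP block and that the script runs as a user with write access to it.

```bash
#!/usr/bin/env bash
# Added example (not FileCloud tooling): set the SMS share-invite define once.
KEY="TONIDOCLOUD_ENABLE_2FA_SMS_SHARE_INVITES"

# Print the value of the active define (TRUE/FALSE), or "unset" if absent.
# Commented-out defines are ignored because the match is anchored to line start.
sms_invite_state() {
  local cfg="$1" val
  val=$( { grep -E "^[[:space:]]*define[[:space:]]*\([[:space:]]*[\"']${KEY}[\"']" "$cfg" || true; } \
         | tail -n 1 \
         | sed -E 's/.*,[[:space:]]*([A-Za-z]+)[[:space:]]*\).*/\1/' \
         | tr '[:lower:]' '[:upper:]' )
  echo "${val:-unset}"
}

# Back up the file, drop any older define of KEY, and write it as TRUE.
# Assumes the config is a single PHP block, optionally closed by a "?>" line.
enable_sms_invites() {
  local cfg="$1"
  [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
  if [ "$(sms_invite_state "$cfg")" = "TRUE" ]; then return 0; fi  # idempotent
  cp -p "$cfg" "$cfg.bak" || return 1
  awk -v key="$KEY" '
    /^[ \t]*define/ && index($0, key) { next }   # remove stale define (e.g. FALSE)
    /^[ \t]*\?>[ \t]*$/ { closing = 1; next }    # hold the closing tag back
    { print }
    END {
      printf "define(\"%s\", TRUE);\n", key      # new line stays inside the PHP block
      if (closing) print "?>"
    }' "$cfg.bak" > "$cfg" || return 1
  # Lint when the php CLI is present; restore the backup on a syntax error.
  if command -v php >/dev/null 2>&1 && ! php -l "$cfg" >/dev/null 2>&1; then
    cp -p "$cfg.bak" "$cfg"
    return 1
  fi
}

# Usage: ./script.sh /var/www/config/cloudconfig.php
if [ "$#" -gt 0 ]; then enable_sms_invites "$1"; fi
```

The backup is left beside the config as `cloudconfig.php.bak`; remove it or move it out of the web root once the change is confirmed.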
    


Two-factor authentication using DUO security

FileCloud can be set up to use the DUO security service to perform 2FA. Note that DUO Push is not supported; a code generated by the DUO Mobile app must be entered to perform 2FA.

The following steps are required to set up 2FA using DUO.

  1. Add DUO Auth API

  • Follow instructions at https://duo.com/docs/authapi to get the integration key, secret key, and API hostname.

  • In the FileCloud admin portal, open the DUO Security settings page.

    To go to the Duo Security settings page
    1. In the FileCloud admin portal's left navigation bar, scroll down and click Settings. Then, on the Settings navigation page, click Misc.

    2. In the inner navigation bar on the left of the Settings page, expand the Misc menu, and click DUO Security.

    The DUO Security settings page opens.


  • Fill in the Duo Auth API Security Settings fields on the page.



  2. Add DUO Admin API

    • Follow instructions at https://duo.com/docs/adminapi to get values for the integration key, secret key, and API hostname.

    • Ensure it has the Grant read resource permission.

    • In the FileCloud admin portal, go to the DUO Security settings page as shown in Step 

    • Fill in the Duo Admin API Security Settings fields on the page.

    • Now follow the instructions above to enable 2FA and specify the 2FA mechanism as Duo Security.


      Note: When users who are enrolled in the Duo Admin Panel log in, they must use the text code from the default entry in their Duo App. When users who are not enrolled in the Duo Admin Panel attempt to log in, they are prompted to use a QR code scanner to enroll themselves, and then must use the text code from the entry they added in their Duo App. See Log in Using Two-Factor Authentication for more information.

Reset TOTP or DUO settings for a user

When a user loses a device with the TOTP (Google Auth) app enabled, or needs to reset the code for any reason, you can reset the Google Authenticator setup for that user using the following steps.

  1. In the FileCloud admin portal, go to Users and click the Manage Policy icon in the row for the user. 

  2. Click the 2FA tab.

  3. Click Reset 2FA Setting to enable the user to reset their authenticator code.



    After the secret is reset, the user is not required to redo the DUO 2FA setup on initial login as FileCloud will import access tokens from DUO automatically.
    New devices can be registered from the DUO Admin Panel using the DUO Enrollment Email feature.