Configure MFA Methods for Super Admin

Why you need to configure Two Factor Authentication (2FA) for Super Admin?

When you are considering authentication, it's essential to prioritize the authentication of the super admin. This is crucial because the super admin manages multiple users' data, making the security of all users dependent on the super admin's security. Traditional authentication methods, such as username and password, are inadequate in the face of today's rapidly evolving cyber threats. To safeguard admin systems against these vulnerabilities, miniOrange offers additional authentication methods that provide an extra layer of security during login. This is achieved by implementing two-factor authentication (2FA) while login to your super admin console.

miniOrange helps you to integrate 2FA for your super admin system easily with 15+ 2FA methods. You can choose from any of the methods (KBA, OTP over SMS/email, Google authenticator, YubiKey, Push notifications, SMS and Email Links etc) and secure your super admin system. Given below is the guide to setup two-factor authentication for super admin with multiple demonstrations.

Setup 2FA for super admin

Log in to the miniOrange Partner Portal console.
Go to 2-Factor Authentication, and then click on Setup 2FA.

Click on toggle to Enable 2 Factor Authentication as shown below.

Select one method that you would like to set or change as 2FA.

As you will select the option you can customize settings according to your way.

1. SMS and Phone Callback

A. OTP over SMS Method

In this 2FA method, Super admin receives an OTP over SMS containing a 6-8 numeric key. You need to follow the given steps to enable it in your super admin dashboard security.

Click on OTP over SMS in the SMS to configure this method.

select OTP over SMS method for super admin

Click on the Edit >> Click here to update your phone number.

Note : After a while of configuration, you ought to verify to see if the phone number was already added into the Phone field. If yes, then select the Inactive toggle to activate this method. Otherwise, follow the below steps to add a phone number.

select OTP over SMS method for super admin - Click on Edit

In Personal Details, select the country code from the dropdown and then add your mobile number on which you want to receive the OTP.
Click on Save.

select OTP over SMS method for super admin - Add Phone Number

After successfully adding the number to the phone field, click on toggle to activate the OTP over SMS option.

select OTP over SMS method for super admin - Switch the toggle

Now Enable 2 Factor Authentication toggle if not done before as shown below.

Enter mobile number to receive OTP via SMS

As you can see, the Active method at the top will specify OTP over SMS.
To verify the 2 factor authentication sign out and sign in again.
It will ask you username and password. After that it is redirected to below page:
Enter the OTP received on the phone and click on verify.

If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.

B. SMS Link Method

In this 2FA method, Super admin is sent a message with accept or deny link.

Click on SMS link in the SMS section tab to implement this method.

Click on the Edit >> Click here to update your phone number.

Note : After a while of configuration, you ought to verify to see if the phone number was already added into the Phone field. If yes, then select the Inactive toggle to activate this method. Otherwise, follow the below steps to add a phone number.

In Personal Details, select country code from the dropdown and then add your mobile number in the Phone field to get accept or deny link.
Click on Save.

After successfully adding the number to the phone field, click on toggle to activate the SMS link.

Now Enable 2 Factor Authentication toggle if not done before as shown below.

Enter mobile number to receive OTP via call

As you can see, the Active method at the top will specify SMS link.
To verify the 2 factor authentication sign out and sign in again.
It will ask you username and password. After that it is redirected to below page:

Click on Accept or Deny link that you have received on your phone.
On clicking on accept link you will be able see your dashboard which means you have successfully configured SMS Link method.

C. Call verification

In "Call Verification" 2FA method, user receives a call telling a 4-8 digit numeric key which user need to enter to authenticate and use services which are granted to him.

Click on OTP over Phone Call in the Call Verification tab to configure this method.

Note : If you would like to request to get free credits for the test phone verification method, please contact us or send us an email at idpsupport@xecurify.com.

Select Phone Verification 2FA method for admin system

Form the top right side, click on Profile >> Personal Profile.

In Personal Details, select country code from the dropdown and then add your mobile number on which you want to receive the OTP via call.
Click on Save.

After successfully adding the number to the phone field, click on toggle to activate the OTP over Phone Call option.
Click on Save.

You can see the message "Your configurations have been saved successfully" in green.
As you can see, the Active method at the top will specify OTP over Call.
Now Enable 2 Factor Authentication toggle if not done before as shown below.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to 2-Factor Authentication page.
Now you will receive OTP via Phone call. Enter the OTP and click on Verify button.
If you are redirected to your dashboard it means you have successfully configured Phone Verification 2FA method.

2. Authenticator Apps

D. Google Authenticator

In this method, Super admin needs to enter 6 digits passcode generated by Google Authenticator app.

Select Google Authenticator from the Authenticator App section to configure this method.

Click on Edit.
For the installation of this method, you need to install the Google Authenticator app from app store.
After installation of google authenticator app, register to device by scanning the QR code in the app.
Enter the Passcode generated by Google Authenticator app. Then click on save.

As you can see, after you verify the generated otp from Google Authenticator app, it automatically activates the app.

Now Enable 2 Factor Authentication toggle if not done before as shown below.

enable 2-factor authentication for admin

To verify the second factor sign out and sign in again.
Here you need to enter 6 digits code from your Google Authenticator app.
Click Verify.

If you are redirected to your dashboard it means you have successfully configured Google Authenticator 2FA method.

After Successfull Redirect to miniOrange Super Admin Dashboard

E. Microsoft Authenticator

In this method, Super admin needs to enter 6 digits passcode generated by Microsoft Authenticator app.

Click on Microsoft Authenticator from the Authenticator App tab to configure this method.

select Microsoft AUTHENTICATOR 2FA method

For the configuration, you first need to install the Microsoft Authenticator app from app store.
After installing application it will ask you to Add account. Select the type of your account (Google, Personal account)
Register your device by scanning the QR code in the Microsoft Authenticator app. (If you don't want to scan QR code you can enter Secret Key manually).
Once you register your device, your app will start showing One-time Password code (code varies in every 30 seconds).
Enter One-time Password code and click on Save button.

You can see the message "Microsoft Authenticator configured successfully" in green.
Now Enable 2 Factor Authentication toggle if not done before as shown below.

To verify the second factor sign out and sign in again.
It will ask you username and password. After that it is redirected to 2-Factor Authentication page.
Here you need to enter 6 digits code from your Microsoft Authenticator app.
And then click on Verify.

Enter OTP generated from Microsoft Authenticator

If you are redirected to your dashboard it means you have successfully configured Microsoft Authenticator 2FA method.

Microsoft 2FA authentication for admin done successfully

F. Authy Authenticator

In this method, Super admin needs to enter 6 digits passcode generated by Authy Authenticator app.

Click on Authy Authenticator from the Authentication Apps tab to configure this method. Select Edit.

For the configuration, you first need to install the Authy authenticator app by clicking on the button in step 1.
Register your device by scanning the QR code in the Authy Authenticator app.
Once you register your device, your app will start showing One-time Password code.
Enter One-time Password code and click on Save button.

You can see the message "Authy Authenticator configured successfully" in green.
Now Enable 2 Factor Authentication toggle if not done before as shown below.

To verify the second factor sign out and sign in again.
It will ask you username and password. After that it is redirected to 2-Factor Authentication Page
Here you need to enter 6 digits code from your Authy authenticator app.
And then click on Verify.

If you are redirected to your dashboard it means you have successfully configured Authy Authenticator 2FA method.

3. miniOrange Authenticator

G. Soft Token method

A Soft Token is a piece of a two factor authentication security used to authorize the super admin. In this method, Super admin needs to enter the 6-8 numeric key from his mobile.

Click on Soft Token in the miniOrange Authenticator tab to configure this method.

Click on Edit.
To set this method you need miniOrange Authenticator app installed on your smartphone. The link for the same is give in step 1.
After installation of the app you need to scan the QR code of register your device.

In the above method the reconfigure tab is turned green that means it is now active.

Next step is to Enable 2 Factor Authentication if not done before.

To verify the second factor sign out and sign in again.
It will ask you username and password. After that it is redirected to below page:
Here you need to enter the 6 digits code generated in your registered miniOrange Authenticator app.
Then click on Verify.

If you are redirected to your dashboard, you have successfully configured SOFT TOKEN 2FA method.

H. Push Notifications method

The process of Push Notifications works as, the super admin receives a push notifications on his mobile which he needs to ACCEPT | DENY.

Select the Push Notifications option in the miniOrange Authenticator tab to enable this method.

Click on Edit.
To set this method you need miniOrange Authenticator app installed on your smartphone. The link for the same is give in step 1 in above page.

After installation of the app you need to scan the QR code of register your device.
In the above method the reconfigure tab is turned green that means it is now active.

Next step is to Enable 2 Factor Authentication if not done before.

To verify the second factor sign out and sign in again.
It will ask you username and password. After that it is redirected to below page:

You will receive a push notification on the configured phone.
Click on Accept/Deny button to verify.
When you click on accept and if redirected to your dashboard it means you have successfully configured PUSH NOTIFICATIONS method.

I. QR Code Authentication

The process of QR Code Authentication works such as, a super admin needs to scan the barcode from his mobile using the miniOrange Authenticator app to proceed.

Select the QR Code Authentication in the miniOrange Authenticator tab to activate this method. Click on Edit.

To set this method you need miniOrange Authenticator app installed on your smartphone. The link for the same is given in step 1.

Link to download miniOrange authenticator app

After installation of the app you need to scan the QR code of register your device.
In the above method the reconfigure tab is turned green that means it is now active.

Next step is to Enable 2 Factor Authentication if not done before.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

Scan the QR Code to test this authentication method in miniOrange Authenticator app.
If you are redirected to your dashboard, you have successfully configured MOBILE AUTHENTICATION 2FA method.

4. Email Method

J. OTP Over EMAIL method

In "OTP Over Email" 2FA method, Super admin receives an email containing a 6-8 digit numeric key which he needs to enter to use services which are granted to him.

Note : It's set up the default method (EMAIL) as your active method. Now Enable 2 Factor Authentication toggle for OTP over Email method. Also, if you need to change your email address during the configuration process, follow the steps below.

Select OTP OVER EMAIL in the Email tab to enable this method.

Click on Edit >> Click here to update your email link.

In Personal Details, enter the email address where you want to receive the OTP.
Click on Save.

select OTP over Email method for super admin - Add Email Address

You want to check your updated email address in the Email field where you have got otp.

select OTP over Email method for super admin - Verifying your Emaul

Now Enable 2 Factor Authentication toggle if not done before as shown below.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:
Enter the OTP received on the email address specified and click on Verify OTP.

When you click on verify and if redirected to your dashboard it means you have successfully configured OTP over Email method.

K. Email Link

In the "Email Link" 2FA method, Super admin receives an email with a link which he needs to click to accept|deny the transaction.

Select Email Link in the Email tab to activate this method.

Click on Edit >> Click here to update your email link.

Note : After a while of configuration, you ought to verify to see if the email was already added into the Email field. If yes, then select the Inactive toggle to activate this method. Otherwise, follow the below steps to add a email.

In Personal Details, enter the email address where you want to get accept or deny link..
Click on Save.

You want to check your updated email address in the Email field, click on toggle to activate the Email link option.

Now Enable 2 Factor Authentication toggle if not done before as shown below.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

You will receive an Email on the Email specified in above with Accept or Deny link.
When you click on accept link and if redirected to your dashboard it means you have successfully configured EMAIL Link.

L. OTP over SMS and EMAIL

In "OTP Over SMS and Email" 2FA method, Super admin receives 6-8 digit numeric key OTP via EMAIL and SMS both. Super admin need to enter this numeric OTP to use services which are granted to him.

Click on OTP over SMS and EMAIL in the SMS tab to activate this method.

Select otp over email and sms 2FA method

Click on Edit >> Click here to update your email link.

Note : After a while of configuration, you ought to verify to see if the phone number and email was already added into the Phone and Email field. If yes, then select the Inactive toggle to activate this method. Otherwise, follow the below steps to add phone number and email.

In Personal Details, enter the phone number and email whenever you want to receive the OTP.
Click on Save.

Now you want to verify your mobile number and email on which you want to receive the OTP.
Click on toggle to activate the OTP over SMS and Email method.

Add your mobile number and email for OTP

Now Enable 2 Factor Authentication toggle if not done before as shown below.

To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to 2-Factor Authentication Page.
Now you will receive OTP via both SMS and EMAIL. Enter the OTP received and click on Verify button.

Enter OTP and verify admin authentication

If you are redirected to your dashboard it means you have successfully configured OTP over SMS and EMAIL 2FA method.

5. Hardware Token

M. YubiKey hardware Token

"YubiKey Token" is a 2fa verification method, in which a user needs to connect a USB into his computer which generates token in the form of an alphabetic key. This process works with the combination of an OTP & hardware tokens.

Select YubiKey Token in the Hardware Token tab to enable this method.

select YubiKey Hardware Token 2FA method for admin

Click on Edit.
Firstly, you need to connect the YubiKey hardware through the USB port.
Click on the Enter OTP tab.
Now hold the hardware, otp will be automatically added in this field.

Click on Save.
And you would be redirected to the configure 2FA field.
Next step is to Enable 2 Factor Authentication toggle if not done before.
To verify the second factor sign out and sign in again.
It will ask you Username and password. After that it is redirected to below page:

verify your identity as an admin to system

Here you need to select the Enter OTP field.

Press the Hardware token to get the key automatically.

If redirected to your dashboard it means you have successfully configured YubiKey Hardware Token 2FA method.

6. Security Questions

In this 2FA-method, super admin answers some knowledge-based security questions and customize one question which are only known to him to authenticate himself.

Select the Security Questions section.

Click on Edit.

Here you need to select 2 questions and answer them. And write the customized question and answer it.

Click on Save.
Now Enable 2 Factor Authentication toggle if not done before as shown below.

To confirm whether the 2FA is been activated, sign out and sign in again.
After entering your username and password you will be redirected to the below page:

Answer your KBA question and click on Verify.
You will see the super admin (your) dashboard.

KBA method for admin successfully configured

In this way you have successfully configured KBA as your 2FA method.
Similarly you can configure other methods also.

7. FIDO2 (Biometric)

In this method, the users need to use built-in authentication methods (Windows Hello, inbuilt figerprint, Biometrics (Face ID or fingerprint)), Hardware security Token (eg. Yubikey FIDO2 Token) for 2FA verification.

[Note (Only for on-premise): You will have to set up SSL for your IDP deployment prior to using this MFA method.]

Select FIDO2 (Biometric) section, click on Add Device.

Enter any relevant Device Name of your choice.
Select the Device Type which you want to register.
Click on Proceed.

You will be prompted for the PIN/Touch ID/Password/Face ID depending on the type of device you are registering.

Once you enter the correct PIN/Touch ID/Password/Face ID, the device will be registered and you can see the message "Configured webauthn successfully" in green. You will also see your device registered below.

Next step is to Enable 2 factor Authentication if not done before.

To verify the second factor, sign out and sign in again.
It will ask you for the Username and password. After that, you will be prompted to verify the second factor using your registered device.

In case you do not receive any prompt or close the prompt by mistake, you can click on Authenticate to open the prompt again.

Enter your PIN/Touch ID/Password/Face ID for the registered device.
After this, if you are redirected to your dashboard, it means you have successfully configured the FIDO2 (Biometric) method.

Contents