What is Two Factor Authentication (2FA)
Two Factor Authentication (2FA) is an additional layer of security which is used alongside your username and password to gain access to your CEMAR account
The purpose of this is to further enhance the level of security present with your credentials, meaning that for example, even if your emails were compromised, your CEMAR account could remain secure.
When enabled, this requires you to enter a 6-digit security code each time you log into the system, which is generated using an external authentication application via your mobile device (i.e. Google Authenticatior).
How do I enable this feature
There is a number of ways this feature can be enabled, such as:
- Enforced against a specific contract (Superuser only)
- Required across an entire client environment (CEMAR only)
- Enabled on a user per user basis
...therefore it's possible to utilise this functionality in the best way that suits your needs.
We will be using Google Authenticator (available on Android/iPhone/BlackBerry) for the purposes of this guide, however other applications do exist and will serve the same purpose.
How to enable it on your own profile
1. Navigate to My Profile via the Modules page and select the Security tab.
2. Check the Activate/Deactivate check box and select Yes on the presented prompt.
Alternatively, when setting your CEMAR account up for the first time, you'll be asked if you'd like to enable this, at the bottom of your terms & conditions:
How to enable it against a specific contract (Superusers Only)
1. Navigate to the 'Client Administrators Programme' from the main menu, then click on the 'Contracts' tab in the top-left corner of the screen.
2. From here you'll be shown a list of all projects, which you can then click on:
3. Once this has been done, there is a tick box titled 'Two Factor Authentication Active' which you can select, as per the below screenshot:
At this stage, any users who are associated with this contract, will be required to setup 2FA and use it each time they log into CEMAR.
Please note that this doesn't only apply when logging into this specific project, rather when logging into CEMAR at all.
How to enable this for all users across your client
If this is required across your entire client environment, then please get in touch with us at CEMAR. We recommend either submitting a support ticket or emailing us at firstname.lastname@example.org and we'll be happy to help.
How do I setup 2FA?
1. When 2FA is enabled, the next time you log into CEMAR, you'll be taken through the Two Factor Authentication setup wizard.
2. First of all, you'll need to scan the presented QR Code with your smartphone using your authenticator or press Show Manual Key and copy the presented string of characters into your authenticator application.
3. Your authenticator will have generated a 6-digit code – enter this code into the text field on the setup page and press Submit.
4. You will be taken to the Modules page as usual. From this point on you will be able to use CEMAR as you would normally.
5. After the initial setup of 2FA, when subsequently logging into CEMAR, you will only be required to enter the code displayed on your authenticator.
6. If you are not able to locate your 6-digit code, then select Don’t have your authenticator handy? where you will be required to answer two or more of your chosen security questions. For more information on security questions in CEMAR please consult this help article.
7. In the event you lose access to your authenticator device, you will need to generate a new QR Code. To do this, navigate to My Profile and in the Security tab press Reset. You will be redirected to the 2FA setup page as shown in step 3.
8. Finally, if you wish to use CEMAR on multiple devices, then select Add Another Device in the Security tab of My Profile and either scan the QR code, or copy the manual key, into your authenticator.
1. I’m entering the generated code but CEMAR won’t accept it.
This could be due to your authenticator using a different system time to CEMAR. If both CEMAR and your authenticator are not using the same time, then the code generated may not be accepted.
To remedy this problem, you may have to change the time of the device, on which your authenticator is stored, to UTC.
2. I want to turn 2FA off but the checkbox is disabled.
You will be unable to manually disable 2FA if it has been enforced across your client or against a specific contract you're attached to, therefore we'd recommend speaking with your Superuser to establish the requirements.
3. I don’t have access to my authenticator and I have forgotten the answers to my security questions.
If this occurs, you may wish to contact your Superuser who can reset these details for you.
4. Is 2FA mandatory?
CEMAR doesn't enforce the use of 2FA, however your Superuser can make this a requirement for users associated to certain contracts, or enabled across the client environment. If you're unsure of how this has been setup, then please speak with your Superuser or contact us at CEMAR support.