Details
-
Type:
New Feature
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.0.0.b3
-
Fix Version/s: 3.4.0-b1
-
Component/s: Client Interface
-
Labels:None
Description
Add two factor authentication for clients.
This should be simplified. Perhaps only offer TOTP as an option, with QR code displayed.
Issue Links
- is blocked by
-
CORE-1459
Add tabs to client/contact Edit My Info pages
-
- Closed
-
Activity
Needs a new task
—
Under the client "Edit My Information" page, break the following sections down into tabs.
- Contact Information
- Billing Information (client only)
- Additional Settings (client only)
- Authentication (change password and setup/disable 2FA)
—
2FA will then be configurable under the "Authentication" tab.
Paul Phillips
added a comment - Needs a new task
—
Under the client "Edit My Information" page, break the following sections down into tabs.
Contact Information
Billing Information (client only)
Additional Settings (client only)
Authentication (change password and setup/disable 2FA)
—
2FA will then be configurable under the "Authentication" tab. Admin users need to be able to disable 2FA for clients and contacts. If a client/contact is loses their key, disabling it will allow them to log in and set it up again.
Admins should not be able to see the 2FA key, only turn it off if it has been set up.
Paul Phillips
added a comment - Admin users need to be able to disable 2FA for clients and contacts. If a client/contact is loses their key, disabling it will allow them to log in and set it up again.
Admins should not be able to see the 2FA key, only turn it off if it has been set up. When saving the auth password for the first time, it's easy to get confused when receiving the error "Invalid password."
That error may need to be more specific. Although the OTP password was correct, the user needs to also enter their current account password before the changes can be saved, hence the "Invalid password" error.
Tyson Phillips (Inactive)
added a comment - When saving the auth password for the first time, it's easy to get confused when receiving the error "Invalid password."
That error may need to be more specific. Although the OTP password was correct, the user needs to also enter their current account password before the changes can be saved, hence the "Invalid password" error. When saving the auth password for the first time, it's easy to get confused when receiving the error "Invalid password."
That error may need to be more specific. Although the OTP password was correct, the user needs to also enter their current account password before the changes can be saved, hence the "Invalid password" error.
Any improvements I think should be added as new tasks.
Cody Phillips (Inactive)
added a comment -
When saving the auth password for the first time, it's easy to get confused when receiving the error "Invalid password."
That error may need to be more specific. Although the OTP password was correct, the user needs to also enter their current account password before the changes can be saved, hence the "Invalid password" error.
Any improvements I think should be added as new tasks. 
This should also work with contact logins
CORE-627