Alfresco 2FA: Add Two Factor Authentication to your Alfresco
feb 26 2016
Have you ever wondered why your critical business content should stay locked behind a simple username and password combination?
UPDATE: Now we have a video demo of the 2 factor authentication in action. Watch it here: https://www.youtube.com/watch?v=cH_fFPrg-YM
There are many instances where security has been breached because of common attacks involving basic username and password authentication vulnerabilities.
The threat was real.
To add an extra layer of security, Two factor authentication was introduced. Verification with two factor authentication requires two independent factors to be provided for authentication. It is similar to a bank issued tokens and a password to login to your banking website.
Two factor authentication is not anything new. It has existed for the past few years and followed a rapid adoption by organisations. A lot of online services including Google, Facebook and Microsoft have also enabled two factor authentication to provide better security to their users.
From today, you can get the same industry standard of authentication with your Enterprise Content Management server running Alfresco.
We have built a module with greater usability and powerful configuration capabilities that makes it so easy for existing Alfresco installations to adopt better security with Two factor authentication.
How It Works
Once set-up, users will have a text box to enter their authentication token when they try to log in. The authentication token can be obtained by an SMS, a two factor authentication app or a physical token generator. The users have to enter the correct authentication information alongside the two factor authentication token to log in.
The module supports chained authentication configuration and is designed to act as a front for all user authentications that happen from Alfresco Share.
Our two factor authentication module comes with built-in support for Authy. It is the industry leader in providing two factor authentication as a service. They also provide support for delivering tokens by SMS and a wonderful smartphone app for both iOS and Android alongside browser extensions for other platforms.
Alongside our development of the module, we have also made code contributions to open source components from Authy.
Adaptive to other providers
The module is also designed to support other two factor authentication systems. If you want a custom integration, please reach out to us.
- Authenticate with Mobile (iOS/Android)
Install Authy Two Factor authentication app on your iOS and Android devices. You can also use the Authy Chrome browser extension for obtaining the token on other platforms.
- Request Authentication Token
Users can request authentication from your Alfresco Share Login Panel by verifying their phone number.
- SMS Delivery Fallback
If you don't have a smartphone, you can request the authentication token through an SMS.
- User self provisioning support
Users are able to self provision Two factor authentication on their Alfresco Profile page.
- Chained authentication validation
Two factor authentication module acts as a front to your existing authentication chain. Any two factor authentication attempt also validates existing passwords down below the authentication chain configured in your Alfresco.
- Centralised Management
Authy administration console provides you a central management panel to provide a detailed insight into the logins. Administrators can also perform health checks and view authentication statistics.
- Group based enablement
Alfresco 2FA also enables enforcing two factor authentication for a named user group.
- Organisational compliance
If your organisation requires everyone to use two factor authentication, administrators can enable it via configuration. With group based enablement, administrators can also enforce two factor on a nominated Alfresco authority group.
- Customisable Interface
Customers are able to define their own logos and colour themes on mobile token generator.
- Bulk configuration support
Loftux AB will provide you consulting and customisation services for bulk importing data required for enabling two factor authentication to your users.
Alfresco 2FA is the best two factor authentication solution available for Alfresco. It currently supports Authy, but will include extra two factor service provider technologies as they are integrated.
It is available for Alfresco Enterprise and Community Editions. The latest version of Alfresco One is also supported.
If you’re interested in purchasing this module for your Alfresco installation or your customers/partners, please contact Peter at firstname.lastname@example.org.
If you’re not using Alfresco, but would like to get started with a Document Management Solution that gives you improved security with Two Factor authentication , we can give you a bundled solution. Feel free to reach Peter at email@example.com
We want all our customers to have the best security for their Alfresco installations. Therefore, we would be including this module at no charge for new and existing LXCommunity ECM subscription customers.
Chief Technology Officer/Software Architect, Loftux AB