Aurora Corporate 8 documentation

Two-factor authentication

Starting from version 8.2.4, Aurora Corporate 8 offers support for two-factor authentication, also known as 2-step verification. The idea behind this approach allows users to increase their account security by having to enter PIN code obtained via authentication application installed on their mobile device. It can be used with any 2-step authentication app, such as Google Authenticator or Authy.

Two-factor auth is implemented as TwoFactorAuth module which is included in the package by default. To enable it, set Disabled to false in data/settings/modules/TwoFactorAuth.config.json file.

Plugin supports optional parameter set in the same file:

"ClockTolerance": [
    2,
    "int"
]

This will accept codes starting from ClockTolerance 30sec ago to ClockTolerance 30sec from now. Increasing this value may help resolving auth issues caused by inexact time sync.

Once the module is installed, a new tab "Two Factor Verification" is added to user account settings area. In there, user can enable authentication for their account, and proceed by scanning QR code from that page or by manually entering secret key into their authentication app.

Assuming user has enabled and set up 2-step verification for their account, they will get additional popup upon next login to Aurora Corporate 8, where they're required to enter PIN code obtained from authentication app installed on their mobile device.