Try our new AI assistant by clicking the chat icon in the lower right corner.


User Management - Two-Factor Authorization

Two-Factor Authorization is an extra layer of security that the Miva admin uses to make sure that the people trying to gain access to an online account are who they say they are.

On this Page

Overview

The Miva admin supports Two-Factor Authorization via TOTP (Time-based, One-Time Password) for all users. There are various methods for accomplishing this, including a YubiKey + Yubico OTP, WebAuthn/U2F as well as TOTP via Google Authenticator. All of these methods provide a convenient way to add a second factor to your Miva login.

Yubikey Setup and Configuration

To use a YubiKey as a two-factor authentication method, you must purchase a specialized USB YubiKey which comes pre-configured to connect to the YubiCloud. Miva is part of YubiCo’s Works With YubiKey program. For more information about that program, click here.

To purchase a YubiKey, check out the YubiCo store here.

Setting Up a YubiKey

To set up a YubiKey, select the user in the batch list and click the more icon, and then click Two-Factor Authentication in the dropdown menu.

user_mgmt_2fa_pic1.png

Then, choose YubiCloud + Yubico OTP from the drop down.

user_mgmt_2fa_pic2.png

Click Next, and then follow the on-screen instructions to insert your YubiKey into your computer, and then authenticate.

user_mgmt_2fa_pic3.png

When finished, click Enable.

WebAuthn Setup and Configuration

To use WebAuthn, you must purchase a USB Key which supports the WebAuthn/U2F Protocol. YubiKeys, by default, support WebAuthn so purchasing a YubiKey allows you to use either protocol. The Google Titan Key also supports this protocol and can be purchased here.

To setup WebAuthn in Miva, select the user from the batch list and click to Edit. Then select Manage Two-Factor Authentication.

Then choose WebAuthn/U2F from the dropdown.

user_mgmt_2fa_pic4.png

Click Next, and then follow the on-screen instructions to insert your WebAuthn supported device and press the button on the device to authenticate. Your browser will also give you a popup that you must approve.

TOTP (Google Authenticator) Setup and Configuration

Time-based, One-Time Password, or TOTP, is the most popular method of Two-Factor Authentication. This involves using an app, like Google Authenticator, to generate a unique, six-digit password each time you log in.

To use TOTP you’ll need an app, like Google Authenticator or Authy, to handle the TOTP flow.

Note

While there are browser-based plugins, and desktop operating system programs, for storing TOTP keys and generating TOTP codes, Miva discourages their use because they can compromise the computer where the key is stored, which could permit unauthorized access.

To setup TOTP in Miva, select the user from the batch list and click to Edit. Then select Manage Two-Factor Authentication. Then select Time-Based One-Time Password from the dropdown.

user_mgmt_2fa_pic5.png

On the next screen, scan the QR code or enter the text string below that code, into your chosen app. Once done, enter the six-digit code generated by the app into Miva and click Enable.

user_mgmt_2fa_pic6.png

Backup Codes

All three two-factor methods now support the generation of backup codes. These codes are presented to download at the time two-factor is enabled for each user. The consist of 10, one-time codes which will allow you to bypass the two-factor mechanism should the USB key be lost or the authentication app deleted.

user_mgmt_2fa_pic7.png

Using a Backup Code

To use a backup code, click the “Use Backup Token” link below the two-factor screen during the login process. When prompted, enter the one-time use code.

Note

Each backup code is for one-time use, so once it has been used it can never be used again. In addition, there is no way to bulk generate backup codes. If you need more than the initial 10, you would need to disable two-factor for that user, and then re-enable it, which would generate a new set of 10 codes.

Next Section

Looking for Developer Docs?

We have a whole section for that, including: Developer Training Series, Template Language docs, Module Development tutorials and much, much more.

Head to the Developer Section

This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.

Accept

Copyright © 1997 – 2021 Miva©, Miva Merchant©, MivaPay©, MivaCon© Miva, Inc. All Rights Reserved.