How do I log in to NorthScope using One Time Password (Two-Factor Authentication)?
Introduction
Security is always high on the list of NorthScope priorities, and with many customers now hosting NorthScope on public Azure instances, we need to lessen the risk of security attacks with a more robust way to access the software.
Setting up One Time Password for the first time
The first time a user logs into NorthScope with the One Time Password feature, the Setup page below will be displayed after they click Login on the main NorthScope Login page.
Adding an Account in the Authenticator App
An authenticator app is required to enable the One Time Password. Any authenticator app should work, but NLP suggests either the Google or Microsoft Authenticator. After downloading and opening the app, add the account by choosing ‘Add Account’ or clicking the ‘+’ if using the Microsoft Authenticator app, or by choosing ‘Add a code’ if using the Google Authenticator, as shown below. For existing app users who already have established accounts, clicking the ‘+’ in the top right for the Microsoft app or bottom right for the Google app will bring them to the same options for adding the NorthScope account in the next steps.
For the Microsoft app, the user needs to select what kind of account to add and will be prompted to ‘Sign in’ or ‘Scan QR code.’ For the Google app, the options ‘Scan a QR code’ or ‘Enter a setup key’ will be displayed. In both apps, choose the Scan QR code option to proceed.
A page will load that opens the device’s camera to scan the code displayed on the setup screen. After the code is captured, the user is taken to the main page of the app, where the account that was added is displayed with a six-digit code that automatically refreshes every 30 seconds.
Entering the code and accessing NorthScope
In the textbox on the Setup page, enter the six-digit code that the app displays for the account logging into NorthScope. If the checkbox directly below is checked (which is the default), it will remember this code for 30 days (not advised if it is a shared computer). Unchecking the checkbox means the user will be prompted to enter a code each time they log into NorthScope (advised for a shared computer). Clicking the Confirm button within a minute of entering a valid code will log the user into NorthScope as expected.
If the code is entered incorrectly or times out, it will result in the user seeing the message ‘Retry Confirmation Number’ as shown below.
Note: The user will not be locked out of the account for entering an incorrect code for a set number of times.
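The six-digit, 30-second code and the ‘times out’ behaviour described above can be reproduced with the standard TOTP algorithm (RFC 6238). The following is an added example, not NorthScope code: it assumes the QR code provisions a standard HMAC-SHA1 TOTP secret, as Google and Microsoft Authenticator use by default, and the one-step tolerance in verify() is an assumed value, not a documented NorthScope setting.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is shown in the authenticator app
DIGITS = 6   # code length described on this page


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the six-digit code for the 30-second step containing unix_time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, now: int, drift_steps: int = 1) -> bool:
    """Accept the code for the current step or drift_steps steps either side.

    drift_steps=1 is an assumption for this example; it tolerates small clock
    differences between the phone and the server.
    """
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, now + delta * STEP)
        # Constant-time comparison; every candidate is checked regardless of a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    t = 1111111109                      # sample timestamp from RFC 6238
    code = totp(SAMPLE_SECRET, t)
    print("code:", code)
    print("30 s later:", verify(SAMPLE_SECRET, code, t + 30))    # still inside the window
    print("120 s later:", verify(SAMPLE_SECRET, code, t + 120))  # expired, user must retry
```

A code that falls outside the accepted window fails verification in the same way as a mistyped one, which is why both cases lead to the same retry message.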
Logging into NorthScope after setting up One Time Password
After a user has set up One Time Password (OTP) and opted not to remember the code for 30 days, they will be prompted to enter another code the next time they try to log in to NorthScope. The authentication window will be displayed, where the user can enter their six-digit code by opening the app they used to set up OTP and typing the code into the textbox as shown below. The user will also have the option to remember the code for 30 days (this is checked by default), or to uncheck the box to be prompted for a code the next time they log in to NorthScope. Clicking the Continue button within a minute of entering a valid code will log the user into NorthScope as expected.
If the code is entered incorrectly or times out, it will result in the user seeing the message ‘Retry Confirmation Number’ as shown below.
Note: The user will not be locked out of the account for entering an incorrect code for a set number of times.
If the user chose to remember the code for 30 days when they set up OTP, they will not see the authentication window and will log into NorthScope from the main login page without any messages until the 30-day period has expired. After that, the user will be prompted to enter their six-digit code from the authenticator app to proceed with logging into NorthScope.
Resetting a User’s One Time Password
If a user has removed their account from the authenticator app, or does not have access to the device that the OTP was set up on, and needs to reset it, an administrator or a user with access to the Users List View in the System Functional Area of NorthScope can reset it. To do so, select the User, click Edit to view that user’s profile, and click the Reset One Time Password button on the toolbar.
The person performing the reset will see a message asking them to confirm that they want to reset the user’s One Time Password and, after clicking OK, will see a message confirming the OTP has been reset.
To set up OTP again for your own account (for example, if you want to use a new or different authenticator app), there is an option on the My Profile page to ‘Setup One Time Password’ which, when clicked, will display the Setup page as shown below. From there the user can go through the process of setting up an account with the same steps as the first time the OTP was set up.
After scanning the QR code in the authenticator app, if the Microsoft app and the same account were used initially, a warning message will be displayed stating that the existing security information for that account will be overwritten. After clicking Continue on this message, the account is added to the app like before with the six-digit code. If a different authenticator app was used, the account will be added in the same way as the first time it was set up.
After entering the code on the setup page and clicking Confirm, the setup page will display the message ‘One Time Password Setup Successful’ if a valid code was entered. Otherwise, ‘Retry Confirmation Number’ will be displayed.