Two-step Authentication in QMetry

Introduction: Two-step Authentication

QMetry’s Two-step Authentication is a simple best practice that adds an extra layer of protection on top of your user name and password. With two-step authentication enabled, when a user signs in to QMetry, they are prompted for their user name and password (the first factor: what they know), as well as for an authentication code from their two-step authentication device (the second factor: what they have). Taken together, these factors provide increased security for your QMetry user account.

You can enable two-step authentication for individual users in QMetry. There is no additional cost for enabling users with two-step authentication.

  • Two-step authentication can be enabled for any user with the QMetry authentication type.

  • Users authenticated via LDAP/SAML cannot enable two-step authentication.

Two-step Authentication Workflow

  1. Users can enable two-step verification on their account.

  2. While logging in, they will be prompted for an authentication code after entering their QMetry credentials, which are authenticated only after successful code verification.

Enable Two-step Authentication

  • Users need create/update permissions for the User module to enable or disable two-step verification on their own or others' accounts.

Enabling two-step authentication requires an authentication application downloaded on your smartphone. Applications for your smartphone can be installed from the application store that is specific to your phone type. The following table lists some applications for different smartphone types.

After downloading the application, follow the steps below.

1. Log in to QMetry with your credentials. Go to Customization > Users.

2. Filter by your user and click Edit. Under the user details, ensure that the authentication type is QMETRY.

 

3. Go to Security tab > Two-step Verification > Enable.

4. Scan the QR Code, and enter the verification codes to enable the two-step verification.

Note: Once the user registers a Two-step Verification device, eight Recovery Codes are generated and displayed on the screen. Each code can be used only once. Users can download the codes in a .txt file to use them in case they lose the device to generate the recovery code.

Once two-step authentication is enabled, after signing in to QMetry with credentials, the user will be prompted for a two-step verification code.

Filter Users with Two-step Verification

Users can be filtered by their two-step verification setup status using the 2FA filter, set to Enabled or Disabled, under Customization > Users.

Disable Two-step Authentication

If an end user loses the authentication device or the authentication app, or simply wants to disable two-step authentication, follow the steps below.

Steps:

  1. Log in to QMetry with your credentials. Go to Customization > Users.

  2. Filter by your user and click Edit.

  3. Go to Security tab > Two-step Verification > Click the toggle to Disable.

  4. Click Remove.

Resync Verification details for Two-step Authentication

  1. Log in to QMetry with your credentials. Go to Customization > Users.

  2. Filter by your user and click Edit.

  3. Go to Security tab > Two-step Verification > Click the toggle to show remove/resync options.

  4. Click Resync and enter verification codes from the authentication app on your phone to complete the resync.

Generate Recovery Codes for Two-step Verification

Users who have two-step verification enabled can now use recovery codes to regain access to their accounts. Once the user registers a Two-step Verification device, eight Recovery Codes are generated and displayed on the screen. Each code can be used only once. Users can download the codes in a .txt file to use them in case they lose the device to generate the recovery code.

Note: If the user loses their device or cannot access their authentication codes, they can use these codes to log in. We strongly recommend saving the codes in a safe place.

To generate new recovery codes, the device needs to be re-registered.

These recovery codes are visible to other users as well. If a user does not have their recovery codes, they can ask other users who have access to the Users module to look up the codes and share them. Because a recovery code can be used in place of an authentication code, access to the Users module also means access to every user's recovery codes, so keep that in mind when assigning permissions for the module.

In case all eight recovery codes are used and then the user loses the device, the user will not be able to log into QMetry without having their two-step verification device removed and set up again.

Using Recovery Code:

Click the Login with Recovery Code link on the QMetry Login screen. Enter the recovery code on the next screen. Once it is used, the recovery code is removed from the recovery code list in the Users module.
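The recovery-code lifecycle described in this section (eight codes per device registration, each usable once, a new set only on re-registration), as an added Python example. It is not QMetry's code; the class and method names and the code format are assumptions made for illustration.

```python
import hmac
import secrets

CODES_PER_DEVICE = 8  # the page states eight recovery codes per registration


class RecoveryCodes:
    """Single-use recovery codes tied to one device registration (illustrative model)."""

    def __init__(self):
        self.codes = []

    def register_device(self):
        """Registering (or re-registering) a device replaces the whole code set."""
        # Assumed format: 10 hex characters from a CSPRNG; the page does not
        # specify what QMetry's codes look like.
        self.codes = [secrets.token_hex(5) for _ in range(CODES_PER_DEVICE)]
        return list(self.codes)

    def redeem(self, submitted):
        """Return True and consume the code if it is valid and unused."""
        submitted = submitted.strip().lower().encode()
        matched = None
        # Check every stored code with a constant-time comparison so response
        # timing does not reveal which code, or how much of it, matched.
        for code in self.codes:
            if hmac.compare_digest(code.encode(), submitted):
                matched = code
        if matched is None:
            return False
        self.codes.remove(matched)  # each code works only once
        return True

    def remaining(self):
        return len(self.codes)

    def exhausted(self):
        """True when no codes are left: losing the device now means lockout
        until the device is removed and set up again."""
        return not self.codes
```
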

Make Two-step Verification Mandatory for All Users in QMetry

Permissions Required:

  • An “admin” user can make the Two-step Verification mandatory for all the QMetry authenticated users on the instance.

  • For SaaS instances, the first user (super-admin) who registered for QMetry can make the Two-step Verification mandatory for all the QMetry authenticated users on the instance.

Note: The admin can make Two-step Verification mandatory for other users only when Two-step Verification is already enabled for their own admin account.

Steps:

  1. Go to Customization > General Settings & Audit. You will find the Two-step authentication section at the bottom of the screen.

  2. Enable the Mandatory Two-step Authentication option if you want to enforce two-step verification for all the users of the instance. Users will have to enter a security code in addition to their password at the time of login.

 

When you enable the Mandatory Two-step Verification option, a confirmation pop-up opens with a warning that shows the number of active users who will not be able to log into QMetry after Two-step Verification is made mandatory. The term “Users” in the warning is clickable; clicking it opens the Users module, which displays the QMetry authenticated active users with 2FA disabled.

The admin can review the users who have not enabled Two-step Verification and then confirm to make Two-step Verification mandatory for all the users.