The information in this article is relevant to the superuser. Would you like more information about the settings at user level? Read this article.
In this article we explain how to set two-factor authentication mandatory in Basecone. By using this setting, the Basecone environment is extra secured and it is mandatory for users to login with a verification code in addition to the known login details.
A superuser can enable this setting at the office level, it is not required. But as soon as this setting is set to Yes (the default is set to No), then it is mandatory for all users to make a choice between verification via SMS or via authenticator app in addition to the usual login details.
Please note: if you are using an SSO portal (single sign on), we recommend that you do not yet use two-factor authentication, as this is not yet supported.
Users then see the following error message when logging in: "This authentication method is not activated for environments in Basecone with two-factor authentication. Please contact your administrator / superuser for assistance."
The setting can be found at office level under the general tab, and can only be adjusted by the super user. To enable two-factor authentication, follow the steps below:
- Login as a super user
- Go to Settings > Office > General (tab)
- At the Two-factor authentication, click No (becomes Yes) and then Save
After saving the setting, the pop-up below will appear. You will be asked to confirm the activation of this setting, by clicking Yes, activate this setting is mandatory.
After making two-factor authentication mandatory, every user will not only have to enter a username, password and office code when logging into Basecone. But also an extra verification code. To obtain the verificationcode, the user has two options:
- Verification via SMS
- Verification via authenticator app
Verification via SMS message
When verifying via SMS, it is very important that every user registers their mobile number in Basecone. Two fields have been added to the user settings:
- Two-factor authentication: The Two-factor authentication field shows the office setting and cannot be adjusted by the user (it is grayed out).
- Mobile number: The Mobile number field is the number where the SMS will be sent to, containing the verification code.
The mobile number can be registered in the following way:
- First time login: The user is prompted to enter the mobile number. The SMS with verification code is sent and entered, after logging in with this code, this mobile number is saved with the status confirmed.
- User settings: A user with the role of super user and / or accountant can register the mobile number, this number will not be confirmed. When logging in, the user will be able to confirm this number with the correctly entered verification code.
Good to know: the mobile number is only used by Basecone to send a verification code by SMS.
Enter country code
The mobile number is stored, including the corresponding country code. You can enter the number with or without a country code. If the country code has been added (for example +31) the flag of the country will change to that of the entered country (in this case NL). If the country code is not added, the number will be saved with the country code selected via the flag, which can be selected from the drop-down menu. Here the 6 most used countries are listed first, the rest of the countries are listed in alphabetical order.