This is documentation for an outdated product. See the current documentation

ISPmanager 5 Business Documentation

Two-step authentication

 

By default, a user enters only his username and password to log in to the control panel. For better protection of your account, enable the two-step authentication. When this option is activated, a user needs to enter: 

  1. The login and password. 
  2.  A one-time digit password generated through Google Authenticator.

How to enable two-step authentication for users

  1. LogintoPlay Market or App Store and download and install Google Authenticator. The application can be installed on Android 2.1. and later, and the latest version of iPhone and iPad. The application does not require an active Internet connection or cellular connection.
  2. Log in to the control panel and navigate to Settings → User settings → Enable two-step authentication. You will see a new form with a QR-code, the Account nameand Key.
  3. Run Google Authenticator on your cell phone.
  4. Click on Start Skip Scan QR-code .
  5. Scan the QR code that appears. You will see a six-digit code.
  6. If the application cannot read the code:
    1. Click on Enter the key.
    2. Enter the Account name and the Key specified in the control panel. You will see a six-digit code.
  7. Enter the password in the One-time password field in the control panel.
  8. Click on Ok.
Note:
Make sure that your server time and mobile device (with Google Authenticator installed) time are synchronized.

If you have issues with 2-step authentication, or QR-code cannot be used, complete the following steps:

1. Check your server time and date.

2. Check Google Authenticator settings:

    1. go to Settings menu → Correct time for QR-codes → Synchronize . You will see a confirmation message. Now you can use temporary codes to set up 2-step authentication. Synchronizationmayinfluenceonlyan internal name of Google Authenticator and is not shown in device data and time settings.
    2. If in Google Authenticator you cannot find Settings, check time synchronization in your mobile device.

Authentication

After you have enabled the 2-step authentication for BILLmanager user, you need to complete 2 steps on the login form:

  1. Enter your Login and Password.
  2. Click on Log in.
  3. Run Google Authenticator on your cell phone
  4. Enter the One-time password from the application.
  5. Click on Ok.

Disabling 2-step authentication

  • Navigate to the "User settings" module.
  • Click "Disable two-step authentication" and enter the 6-digit code generated in Google Authenticator.

In order to disable 2-step authentication via console, remove the relevant data from the database /usr/local/mgr5/etc/ispmgr.db, "totp" table.

Authentication with root and admin permissions 

When you enable the 2-step authentication as a root or admin user, please pay attention to the following information:

  • When you enable the 2-step authentication for the root user, you won't be redirected to the "admin" level automatically. That's why you need to go to "Management" – "Staff" – select the "admin" user, and click "Log in". 
  • When you enable the 2-step authentication for an admin or another user, you need to enter its credentials rather than the root username and password to log in to the client area. You need to set the admin password in  "Management" – "Staff" – select a staff member, and click "Edit".  Enter the password in the form that will open.