This plugin offers two-factor authentication via mobile phone.The plugin first verify that socialengine user have access to the phone associated with the phone number socialengine user specify by sending a code to the phone via SMS. Once socialengine user verified possession, then any time socialengine user login to new device or browser,This plugin sends a new code to user phone, which user must specify before logging in. It adds a small extra step to the login process but makes user account much more secure.
With the help of Socialengine 2-step Verification Plugin, your community is a more secure way of logging in to a website. In addition to entering a password online, a user has to enter a random verification code generated at login time. This combination of passwords makes it easier to safeguard your applications.
This plugin is used Twilio Networks HTTP API to send messages, meaning you will need a valid Twilio Networks username and password in order to be able to send SMS messages. The account can be obtained from the https://www.twilio.com
Plugin Features
- Add new security layer to login process.
- Send the unique verification code
- Verification required only once (During login) on new system or new browser.
- Reduce fraudulent and Minimize the spamming.
Installation
Basic Requirements For SSO
SocialEngine 4.8.7+
Twilio Account Information
1. Socialengine 2-Step Verification Plugin Installation
Plugin installation will function very similarly to the SocialEngine upgrade process.
- Log into your SocialEngine 4 site and access the Admin area.
- Access the Manage menu and click on Packages & Plugins.
- Click on the Install New Packages link, then on the Add Packages link.
- Select the module-twowayauthentication-xxx.tar file where you extracted the downloaded zip
package. - Follow the step-by-step wizard to complete the installation of the plugin files.
- Go to the admin->layout->layoutEditor and place the Two way authentication widget on
Landing page.Then Click on save Changes.
2. Initial Configuration
- Create account on Twilio. Follow this link for create account on twilio
https://www.twilio.com.
If you created trial account on Twilio then you can send SMS to only the verified number of twilio account. For send SMS on any number you need to create premium account or upgrade the twilio account.
- For save your Twilio Account Info, Go on the Social engine site Admin > Plugins > Two way
Authentication . - Enter the Account SID,Auth Token, Twilio Number and Click on save button.
3. How it is work
- When user signIn on socialengine site through the Socialengine 2-Step Verification Plugin,enter the valid email
address and mobile number over there and click on send. Within a second user will get the verification code and
move on the next form. - When user Enter the valid verification code then Two step verification User Login form will show otherwise Error
message will show. We save email address/mobile number in php session, so we if a user have already verified no
need to again verification,when user come again on the same browser. - Move on the next form that Two step verification User Login. If User enter valid email address and password then
User login successfully otherwise error message will show.