Two Factor Authentication
A user should reach this page only from the Login page, or in the event that this registration (html) page detects that the client already exists.This page will not be displayed, for already connected users (with session cookie), that will be redirected to the portal page.
Page url is: Domain/Login_2FA. The HTML is flex (responsive) for any mobile device / browser view port size.
Web Page Structure
Body id | Page Prefix / SMS / Email Templates | Fields List |
---|---|---|
Login_2FA |
Login_2FA_Page
2FA_Phone_Code 2FA_Email_Code |
A single field to enter Temporary passcode:
'Security code from Authenticator App' 'Security code from your Phone (text message)' 'Security code from your Email' 'Security code from Phone Call' |
Use this id for custom css and js |
Edit this key in Website Content
You can add title and logo to the window... |
You can change the field's title translation, using the Override Captions tool.
Possible technologies by the field [hyp_Server Side Automations Settings].[Website Login OTP] :
|
Confirm (submit) Button
Each client can only choose a single method to receive a temporary identification code (is stored in the field[hyp_Clients Website Ext. Record].[Send OTP over]
):
- WAF check the session cookie and the amount of calls from user's IP address.
- For Authenticator App: Nothing is sent, the page just wait for digits from the client and compare it to Algorithm ___.
-
For SMS: the content template is "2FA_Phone_Code". Use the {#code}tag as placeholder for 7 chars password.
You can merge fields from the[hyp_Clients]table. Be carfull with final message length (SMS costs money according to length).
If template does not exist, then the SMS content will be in English: 'Your Security code is: #######'. -
For Email: the content template is "2FA_Email_Code". Use the {#code}tag as placeholder for 7 chars password.
The message will be sent to address[hyp_Clients].[Email].
You can design a rich message with graphics and merge fields from the[hyp_Clients]table. unlike SMS you have no costs for sending an email.
If template does not exist, then the message subject will be 'Security code for '+Website_English_Title,
and the message body will be 'Your Security code is: #######'. -
For Phone Call: Hyper will random a number between 100000 to 999999 and save it in the fields: [PBX Token] + [PBX Token at UTC].
Then hyper is calling the PBX app to call the client at[hyp_Clients].[1st Phone]. -
Check that the form was posted from an Html page, generated by this site AND Verify the Passcode.
If everything is OK, then load the complete client file and route the browser to'Portal'page (display main menu, or to continue client's on boarding process).