2 Factor Authentication

As of version 6.3.0.12, Vertec supports a 2nd factor for logging into Cloud Clients (Cloud app, Web app, Phone app) via Authenticator app, e.g. Google Authenticator.

The Authenticator app must be a “soft token” app that generates a one-time password. This principle does not require communication between the Authenticator app and Vertec, only a common secret has to be exchanged once. Because of this secret, the Authenticator app and Vertec can both generate and compare the same codes independently.

The prerequisite is that the time on the mobile device and on the Vertec server match.

Under System settings > Authentication, there is a setting Use 2 Factors for Cloud Clients (Vertec and LDAP). If this setting is enabled, the following happens:

• When the user logs in to Vertec for the first time after activating the system settings with a username and password, they will receive a dialog to set up Two Factor Authentication (2FA). They can only cancel or leave this page in an orderly manner. In either case, the user is immediately logged out and then has to log in again.
• If you cancel, the secret will not be saved. The next time you try to log in, the Setup dialog will appear again.
• When saving, the secret is saved. The next time he tries to log in, he must specify the appropriate Authenticator Pin.
• Other actions in Vertec are not possible until 2FA has been set up for the user and the user logs in again.

Two-Factor Authentication also works in the Phone app, but the setup of authentication as described here must be done in the Cloud app or the Web app. Only there will the Setup dialog appear. Each user must first log in to a Cloud app or Web app and set up Two-Factor Authentication before using the Phone app with Two-Factor Authentication.

The setup dialog looks like this:

Start your Authenticator app and scan the displayed code or enter the code provided. Once you see a code designation “Vertec” in your app, you can click OK. From this point on, the two systems will be paired. From then on, when logging in to Vertec, enter the code generated by the Authenticator app as a second factor.

In case of emergency, such as loss of mobile phone or data, the administrator can reset the secret of an user. To do this, the administrator can log in and open the dialog on the corresponding user via the context menu or menu Actions > 2. Edit Factor for Authentication and click on the button Delete Token.

The next time they log in to a Vertec Cloud App or Web app, the user can then generate and exchange the new code.

If the administrator has self-excluded and a reset is not possible, please contact Vertec support.

A normal user can show the 2FA secret with the code at any time, but cannot regenerate it.