2 Factor Authentication

For an overview of all authentication options, see Overview Authentication .

As of version 6.3.0.12, Vertec supports a 2nd factor for logging into cloud clients (cloud app, web app, phone app) via Authenticator app, e.g. Google Authenticator.

The Authenticator app must be a “soft token” app that generates a one-time password. This principle does not require communication between the Authenticator app and Vertec, only a common secret has to be exchanged once. Because of this secret, the Authenticator app and Vertec can both generate and compare the same codes independently.

The prerequisite is that the time on the mobile device and on the Vertec server match.

Under System settings > Authentication, there is a setting Use 2 factors for cloud clients. If this setting is activated, the following happens:

• When the user logs in to Vertec for the first time after activating the system setting with a username and password, they will receive a dialog to set up Two Factor Authentication (2FA). They can only cancel this page or leave it in an orderly manner. In both cases, the user is immediately logged out and then has to log in again.
• If you cancel, the secret will not be saved. The next time you try to log in, the Setup dialog will appear again.
• When saving, the secret is saved. The next time he tries to log in, he must specify the corresponding Authenticator Pin.
• Other actions in Vertec are not possible until 2FA has been set up for the user and the user logs in again.

The two-factor authentication also works in the phone app, but the authentication setup as described here must be done in the cloud app or the web app. Only there will the Setup dialog appear. Each user must first log in to a cloud app or web app and set up the two-factor authentication before using the phone app with two-factor authentication.

The setup dialog looks like this:

Start your Authenticator app and scan the displayed code or enter the code provided. Once a code with the designation “Vertec” appears in your app, you can click on OK. From that point on, the two systems are paired. From then on, when logging in to Vertec, enter the code generated by the Authenticator app as a second factor.

In case of emergency, such as loss of mobile phone or data, the administrator can reset the secret of a user. To do this, the administrator can log in and open the dialog on the corresponding user via the context menu or menu Actions > 2. Edit factor for authentication and click on the button Token löschen.

The next time the user logs in to a Vertec cloud app or web app, they can then generate and exchange the new code.

If the administrator has self-excluded and a reset is not possible, please contact Vertec support.

A normal user can show the 2FA secret with the code at any time, but cannot regenerate it.