Experience unparalleled security with 2FA for Sugar. Our 2-factor authentication feature adds an extra layer of protection to your SugarCRM, making it nearly impossible for potential attackers to access your sensitive data. With our easy-to-use system, there's no need to remember additional information - simply access the authentication app on your mobile device and enter a temporary 6-digit security token for secure and seamless access. Upgrade to 2FA for Sugar today for the ultimate peace of mind in data protection.
Due to the high demand, we have now added a support for Sugar On-Demand. Even if you are using SSO (single sign on) on your Sugar you will still be able to add 2-factor authentication to your Sugar authentication process.
#4497 - Log in using the Authenticator code
Hi Team,
I have been testing 2FA to implement on our sugar instance however I have come across a scenario where the 2FA code from the Authenticator app did not work.
Following are the Steps taken to reproduce the result:
- Setup 2FA with authenticator app and the log in and out 2-3 using the Authenticator codes
- Then I use the ‘Send Code to User' function which emails the 5 min expiry code
- Now instead of using the email code - I (admin) decide to reset the 2FA for that user and log in the first time with the code on the Authenticator app
- Then log back out and try logging back in using the Authenticator codes - it wouldn't log in unless I have first use the email code sent out again.
Does this mean that resetting the 2FA still requires to send out an email code even after it let you log in on the first attempt after resetting the users 2FA account or is this by design?
Thanks Azlan
3 years ago
Hello, thank you for showing interest in our module!
if you used 'Send Code to User' action and then 'Reset 2FA Secret Code', you left that user in the mode that expects email-sent code. In that case you'd need to send email once more and use the code received in the email. 'Send Code to User' always takes precedence, if you used this option you need to enter the code received via email. And, as I said, you reset the code in the meantime you'd need to send another email and log in using the received code.
3 years ago
Hi,
Thank you very much the answer. That explains it.
I was also wanting to find out if there is a setting or a way to extend expiration time of the email-sent code ? or is it fixed at 5 mins?
Cheers Azlan
3 years ago
Hi Azlan,
yes, temporary code expires in 5 minutes and there is currently no setting for it.
3 years ago
Thanks for you support.