by 38 Elements

With Sugar 2FA you get an extra layer of protection by adding 2-factor authentication to your SugarCRM. In this case, a potential attacker needs more than just your username and password credentials. Users do not need to remember any additional information; they just need to access the authentication app installed on their mobile phones and enter a temporary 6-digit security token as the second step of the login process.

Due to the high demand we have now added a support for Sugar On-Demand. Even if you are using SSO (single sign on) on your Sugar you will still be able to add 2-factor authentication to your Sugar authentication process.

Free Trial

By clicking you consent to share your profile with the developer

#4497 - Log in using the Authenticator code

Closed Bug? created by websupport a year ago

Hi Team,

I have been testing 2FA to implement on our sugar instance however I have come across a scenario where the 2FA code from the Authenticator app did not work.

Following are the Steps taken to reproduce the result:

  1. Setup 2FA with authenticator app and the log in and out 2-3 using the Authenticator codes
  2. Then I use the ‘Send Code to User' function which emails the 5 min expiry code
  3. Now instead of using the email code - I (admin) decide to reset the 2FA for that user and log in the first time with the code on the Authenticator app
  4. Then log back out and try logging back in using the Authenticator codes - it wouldn't log in unless I have first use the email code sent out again.

Does this mean that resetting the 2FA still requires to send out an email code even after it let you log in on the first attempt after resetting the users 2FA account or is this by design?

Thanks Azlan

  1. eontek member avatar

    38 Elements Provider Affiliate

    a year ago

    Hello, thank you for showing interest in our module!

    if you used 'Send Code to User' action and then 'Reset 2FA Secret Code', you left that user in the mode that expects email-sent code. In that case you'd need to send email once more and use the code received in the email. 'Send Code to User' always takes precedence, if you used this option you need to enter the code received via email. And, as I said, you reset the code in the meantime you'd need to send another email and log in using the received code.

    • websupport member avatar

      websupport

      a year ago

      Hi,

      Thank you very much the answer. That explains it.

      I was also wanting to find out if there is a setting or a way to extend expiration time of the email-sent code ? or is it fixed at 5 mins?

      Cheers Azlan

  2. eontek member avatar

    38 Elements Provider Affiliate

    a year ago

    Hi Azlan,

    yes, temporary code expires in 5 minutes and there is currently no setting for it.

  3. websupport member avatar

    websupport

    a year ago

    Thanks for you support.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "Support has been first class, and the development team is open to new ideas. Highly recommended" - BradLohoar

    Read More Reviews