2FA

Portal 2FA Settings

SessionLimit is used to secure entries to the portal screen.

Users can use SMS for 2FA at login to the portal

Users are forced to use SMS when entering the Portal. The attribute from which the user's mobile phone number will be read must be selected in the LDAP settings and the mobile phone number must be written in this attribute. Otherwise he cannot log in.

Users can use Authenticator for 2FA at login to the portal.

When entering the Portal, users are forced to enter with the Authenticator software installed on their mobile phone. The user must definitely set the Authenticator setting. Otherwise he cannot log in.

Captcha Is Enabled

It is a security measure used to prevent the username and password from being repeatedly tried when logging in. Works with Failed Attempt. After the number of incorrect entries specified in this field, a captcha appears on the screen and the login process cannot be successful unless this captcha is entered correctly.

Failed Attempt

It is a setting used when Captcha is turned on. It allows captcha to be displayed on the screen after the number of incorrect entries specified in this field.

A minimum of 3 and a maximum of 10 can be entered in this field. The default value is 3.

SMS Text Settings

You can determine the format of the SMS that will be sent to the user during 2FA transactions via SMS in both the calendar and the portal. There is a total limit of 160 characters. This length will necessarily decrease when special characters are used. You must send the OTP code to the user with special code blocks in the SMS.

<@REF> This is a code used to verify that users' incoming SMS was actually sent via SessionLimit. It is produced specifically for SMS and a different reference number is generated each time an SMS is sent. It is recommended to be included in the message. This information is also displayed on Portal and Agent entries.

<@OTP> is the verification code to be used in 2-way verification. It is a 6 digit number. You can log in to the system using this code. If this field is not sent in the message content, users cannot log in to the system because they will not know the code.