Two-Factor Authentication In Odoo

Adding an extra layer of security when granting access to ERP systems is always a move in the right direction. Two-Factor Authentication (2FA), also known as two-step verification, acts as an added layer of protection for users by requiring two authentication factors to verify the user’s identity. This helps protect the system by reducing the risk of unauthorized access.

Odoo provides a 2FA option that works with any of the available authenticator apps, such as FreeOTP, LastPass Authenticator, Google Authenticator, and Microsoft Authenticator. In short, the process consists of generating and storing a secret code in an authenticator linked to your account, and then using the codes shown in the authenticator when logging in to the system. For this demonstration we will use Google Authenticator, which can be easily downloaded and installed from the Google Play Store and the Apple App Store.

Practically, it means storing a secret code inside an authenticator (usually your cell phone) and using the code in the authenticator app when you try to log in.

Setup Two Factor Authentication:

Once the desired authenticator has been downloaded and installed, we can set up two-factor authentication in our system.

Once the user has signed in with their credentials, open My Profile / My Preferences.

We can enable two-factor authentication under Account Security by clicking on the button ‘Enable two-factor authentication’. Because this is a sensitive operation that affects the security of the account, we have to enter our password again as a security measure.

After entering the password, click on the Confirm Password button.

We can either scan the barcode with the app or enter the secret code manually.

Scan Barcode:

Scan the image using the Authenticator app. The app will handle the setup by itself.

Enter the code generated in the Authenticator app and click on ‘Enable two-factor authentication’. This completes the two-factor authentication setup.

Manual entry:

If we are not able to scan the barcode, we can enter the code manually by clicking on ‘enter the secret code manually’. This shows the user the secret code, which has to be entered as a key in the authenticator app.

After entering the key, the user has to enter the verification code generated in the authenticator app (phone), which completes the manual setup process.

We can confirm that 2FA is enabled by checking for the message ‘Two-factor authentication enabled’ under Account Security. We can also disable 2FA by clicking on ‘Disable two-factor authentication’.

Using Two-Factor Authentication:

Enter your email and password as usual on your website.

When you click on Log In, it will ask for an Authentication Code, which is generated and displayed in the authenticator app on your phone.

Note that Authentication Codes are time-based and change after the stipulated time. Check the code before entering it in the system.

After entering the code, click on Verify. You will then be directed to your website.

Two-Factor Authentication provides better security because anyone trying to access the system would need your password as well as your authenticator device. Take care of the authenticator and don’t lose it, as you will then need an Odoo administrator to disable two-factor authentication.
