Two factor authentication management overview

Two factor authentication provides an extra layer of security for Civica Cx Housing, ensuring that only authorised personnel can gain access to their system account, even if their password has been potentially compromised. By activating the two factor authentication control mechanism, a system account can only be accessed on trusted devices that have been verified by the housing organisation - a process achieved through the compilation of an accepted IP address "whitelist" containing those trusted devices. Where an unknown device is employed to access Civica Cx Housing, an end user must also provide an additional security token along with their username and password credentials in order to successfully navigate through the standard login procedure. Generated via a multi-factor authentication vendor, this security token - otherwise referred to as a one-time verification code - can be dispatched to a registered mobile device in the form of an SMS text message, an email, or obtained directly through a mobile application. Typically, the required security token can be generated through the vendor's mobile application (downloaded from a digital distribution platform), or using a dedicated web portal. Once received, an end user then has a restricted time limit in which to login to their Civica Cx Housing account, inserting this additional token element.

Invariably, there will be many office-based laptops and PCs that are used regularly by housing officers and other authorised staff members to access Civica Cx Housing. Such controlled devices can therefore be legitimately employed to authenticate the end user requesting access to Civica Cx Housing through the login screen, without insisting on the submission of a further security token. To afford the greatest flexibility in managing this authorised device "whitelist", three IP address rule types are supported:

• Absolute IP - captures a single or group of known IP addresses (each separated by a comma);
• Range IP - accepts the upper and lower IP address thresholds for the range of devices in circulation;
• Wildcard - accepts an asterisk (*) character in any part of the IP address that is known to vary within the expected network and host permutations.

To invoke this added level of access security, a dedicated Integration Management service must be configured, reflecting the specific attributes and custom settings of the housing organisation's preferred multi-factor authentication vendor e.g. Celestix HOTPin. This service instance not only maps to the external web components necessary to communicate between the two systems but also stores the user-controlled "whitelist". To support system administrators in monitoring all attempted access into Civica Cx Housing, 'failed logins' are also captured; hence, whenever an end user's attempt to login to the system is denied, an entry is inserted into the traceability log, revealing the exception reason.

See related topics...

To add a trusted device to an IP address whitelist