Summary
This document describes how Two Factor Authentication (2FA) is used to enhance security when Admin Users connect to Polygon Central, or when Loyalty Members access their account profiles.
Admin User 2FA
If 2FA is enabled for Admin Users, the Login screen will require entry of a PIN (or OTP) once the username and password have been entered.
2FA can be facilitated by:
- SMS
- Email
- Authenticator App (eg. Google Authenticator or Authy)
When logging in, an expiring OTP (One Time Password) will be sent to you by SMS or Email, or you can obtain an OTP from your authenticator app.
Note: An OTP delivered by SMS or Email is usually valid for 5 minutes before it expires. An OTP from an authenticator app changes every 30 seconds; the app generates the next code itself, so there is no message to wait for. Treat an OTP like a password and never share it with anyone.
Changing Authentication Mode
The default Authentication Mode will usually be SMS or Email.
The authentication mode for an Admin User can be changed if desired:
To do this:
- Access Polygon Central
- Click your Username in the top right of the screen.
- Select Setup Two Factor Authentication from the menu displayed.
- Choose the new authentication mode from the Two Factor Auth Mode drop down box.
If you choose Authenticator App, the QR code you need to scan into the app to set up your account is displayed.
If you choose SMS, you may need to add your mobile number if it is not already recorded for your user.
If you choose Email, ensure that your email address is correctly entered.
- Ensure that you use the Save button to finalise your change.
Member Admin
An Admin User can change the 2FA authentication mode for a member in the Member Admin section. This may be required if a member:
- Has listed an incorrect mobile number or email address, or
- No longer has the authenticator app originally configured.
To do this:
- Access Polygon Central
- Choose Loyalty & Ordering from the menu
- Now select the Member
- Choose the required authentication mode from the Two Factor Auth Mode drop down field.
Note: An Admin User should never set the mode to Authenticator App, because the QR code required to set up the account in the authenticator app is only displayed when the member chooses this mode in the membership portal.
Note: Changing a member's authentication mode is an account-recovery action: it redirects the member's second factor to whatever mobile number or email address is on file. Confirm the member's identity before making the change, and check that the recorded mobile number or email address is correct.
An Admin User can also log a member out from all devices. This forces the member to log in the next time they access the membership portal or use their app.
Note: this feature is available regardless of whether 2FA is turned on.
- Use the Logout Member Everywhere button; the member's token will be invalidated, forcing them to log in the next time they connect.
User Admin
Changing the authentication mode and the Logout Everywhere facility are also available for Users. In addition, a field to record the user's mobile phone number is available to support the SMS authentication mode.
Reporting
Reports are available from the Reports | Data Reports menu for visibility of the number of SMS messages sent and their status.
The available reports are:
- SMS Delivery Receipts – shows each individual SMS sent and its status
- SMS Delivery Receipts totals – shows totals by status (the default report covers the last calendar month).
These reports follow the standard reporting architecture and can be customised as required using the report filter icon to access and change the applicable fields and filters.
NOTE: The Textbook SMS gateway supplies a confirmation for every receipt, which allows the receipt time to be listed for each record. If that confirmation message fails to arrive, Textbook does not currently have error or retry logic in its system, so a record may be reported without a receipt time. A missing receipt time therefore means the delivery was not confirmed, not necessarily that the SMS failed.
Loyalty Member 2FA
When enabling 2FA for an existing membership system it is recommended that a communication be issued to your membership base so that they know what to expect the next time they log on and are aware that they will need to check either their email or SMS to obtain the PIN.
Logging In
If 2FA is enabled for Loyalty Members, the Login screen when connecting to the Membership Portal will require entry of a PIN (or OTP) once the member's username and password have been entered.
2FA can be facilitated by:
- SMS
- Email
- Authenticator App (eg. Google Authenticator or Authy)
When logging in, an expiring OTP (One Time Password) will be sent to the member by SMS or Email, or they can obtain an OTP from their authenticator app.
Note: An OTP delivered by SMS or Email is usually valid for 5 minutes before it expires. An OTP from an authenticator app changes every 30 seconds; the app generates the next code itself.
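To make the two OTP styles described in the notes above concrete (for both Admin Users and Loyalty Members), here is an added example written by the editor; it is an illustration of the mechanism, not Polygon Central's code. The 30-second rotation and 5-minute validity are taken from this document; the six-digit length, the one-step clock-drift window, the in-memory store and the five-guess limit on a delivered code are assumptions.

```python
"""Illustration of the two OTP types: a time-based code from an authenticator
app (RFC 6238 TOTP, HMAC-SHA1, 30-second step) and a server-issued code sent
by SMS or email that expires five minutes after it was issued.
Editor's example, not Polygon Central's implementation."""
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 30          # authenticator-app rotation period (from the document)
OTP_TTL_SECONDS = 5 * 60   # SMS/email OTP validity (from the document)
DIGITS = 6                 # assumption: six-digit codes
MAX_ATTEMPTS = 5           # assumption: discard a delivered code after this many wrong guesses


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    This is what the authenticator app shows; it changes every `step` seconds."""
    return hotp(secret, at // step)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the current code and +/- `window` steps to tolerate clock drift.
    compare_digest keeps the comparison constant-time so response timing does
    not reveal how many digits matched."""
    counter = at // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, counter + k).encode(), code.encode())
        for k in range(-window, window + 1)
    )


class DeliveredOtpStore:
    """Codes delivered out-of-band (SMS/email): random, single-use, and only
    valid for OTP_TTL_SECONDS after issue. Guesses are capped so a six-digit
    code cannot be brute-forced inside its five-minute lifetime."""

    def __init__(self):
        self._issued = {}   # user -> {"code", "issued_at", "attempts"}

    def issue(self, user: str, now: int) -> str:
        """Generate a fresh code for `user`; issuing again replaces any old code."""
        code = str(secrets.randbelow(10 ** DIGITS)).zfill(DIGITS)
        self._issued[user] = {"code": code, "issued_at": now, "attempts": 0}
        return code

    def verify(self, user: str, code: str, now: int) -> bool:
        entry = self._issued.get(user)
        if entry is None:
            return False
        if now - entry["issued_at"] > OTP_TTL_SECONDS:
            del self._issued[user]          # expired: a new code must be sent
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._issued[user]          # too many guesses: invalidate
            return False
        if not hmac.compare_digest(entry["code"].encode(), code.encode()):
            return False
        del self._issued[user]              # consumed on first successful use
        return True


if __name__ == "__main__":
    # Demo with the RFC 6238 reference secret (constructed input, not a real key).
    demo_secret = b"12345678901234567890"
    print("TOTP at t=59:", totp(demo_secret, 59))
    store = DeliveredOtpStore()
    sent = store.issue("member@example.com", now=1_000)
    print("SMS code accepted within 5 min:", store.verify("member@example.com", sent, now=1_250))
```

Note that the TOTP check never contacts the user at all: app and server derive the same code from a shared secret and the clock, which is why a wrong device clock shows up as codes that are always rejected. The delivered-code path, by contrast, has to store state per user and has to be rate-limited.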
Accessing or Updating Member Profile
If the Loyalty system has been set to Enable TFA on Get Profile, members will not be able to view their loyalty profile until they have authenticated using 2FA.
To do this:
- Click the Send Profile Verification Code button.
- Enter the code in the Enter Verification Code window and the profile details will be displayed.
If Enable TFA on Update Profile is enabled for the Loyalty system, the member will also be prompted for a code when they use the Save button.
Changing Authentication Mode
The default Authentication Mode will usually be SMS or Email.
A member can change their authentication mode if desired:
To do this:
- Login to the Membership Portal
- Access Your Profile and choose the Update your login details button.
- Select Setup Two Factor Authentication from the menu displayed.
- Choose the new authentication mode from the Two Factor Auth Mode drop down box.
If Authenticator App is chosen, the QR code required for scanning into the app to set it up is displayed.
If SMS is chosen, the member may need to add a mobile number if it is not already recorded.
If Email is chosen, ensure that the email address is correctly entered.
To turn off 2FA choose Disable Two Factor Authentication.
- Ensure that the Save button is used to finalise any change.
Please note: If SMS is chosen as the authentication type and:
- there is no mobile number associated with the member profile, or
- the business does not have SMS enabled for authentication purposes
the two factor authentication PIN will be issued via email instead. Members who rely on SMS should therefore also check that their email address is correct.
Password Security Features
Consideration should be given to implementing password security features in conjunction with 2FA. More information on password strength is available in the separate password security documentation.
Determining Password Strength
A member can check the strength of a password by:
- Logging in to the membership portal.
- Accessing Your Profile, then choosing the Update your login details button.
- Choosing Update Password.
The Update Password screen will be displayed showing the status of the current password. The strength indicator will be updated if a new password is entered.
Setting Up Authenticator App
If a user or member chooses to use an authenticator app, such as Google Authenticator or Authy, they will need to add the Polygon Central account to the app so that the app and Polygon Central generate the same codes.
To do this:
- Open the app and choose the + button to add an account.
- Choose the Scan Barcode option and use your device to scan the QR code displayed when Authenticator App mode is chosen.
When the account is successfully added, a new line for the loyalty site is shown in your authenticator app. Because the codes are time based, the device's clock must be reasonably accurate; codes that are consistently rejected usually indicate a wrong clock.
Note: If you wish to stop using an authenticator app as the authentication method, change your authentication mode BEFORE you remove the entry from your app. If you delete the entry from the app first, you will not be able to log in to make the change. In that case you would need to contact the Administrator of the loyalty system and have them make the change for you before you can connect again.