Two Factor Authentication

Overview

DBSync's Org-Level Two-Factor Authentication (2FA) enhances security by requiring a one-time password (OTP) via email during login. Org admins can enable or disable this feature for their organization.

1. Enabling/Disabling 2FA

Who Can Enable/Disable:

  • Only Org Admins.

How to Enable:

  • Navigate to the Permissions Settings.

  • Enable checkbox: Enable Two-Factor Authentication.

  • Click Save.

Email Notification on Enable:

  • All users receive:

    • Subject: Two-Factor Authentication (2FA) Enabled for Your DBSync Account

    • Explains that 2FA is now required, that the OTP is delivered by email, and how to contact support.

Email Notification on Disable:

  • All users receive:

    • Subject: Two-Factor Authentication (2FA) Disabled for Your DBSync Account

    • Informs users that 2FA has been removed and gives security recommendations.

2. Login and Authentication Flow

  1. User enters username and password.

  2. If 2FA is enabled:

    • System generates an OTP.

    • OTP sent to registered email.

    • User enters OTP to proceed.

    • On successful entry, login is completed.

OTP Validity:

  • OTP is valid for 5 minutes.

OTP Channel:

  • Currently supported: Email only.

  • Future: SMS support planned.

Prompt Frequency:

  • Current: Every login.

  • Future: Options for device/user-based frequency (e.g., once every 7 days).

3. Email Templates

OTP Email:

  • Subject: Your DBSync Login Verification Code

  • Includes OTP, expiry time, support info, and security disclaimer.

Delivery Requirements:

  • Use a reliable email service provider.

  • Add headers to avoid spam/junk.

  • Include login URL for user convenience.

4. Error Handling

Scenarios & Actions:

  • Expired OTP: Prompt to regenerate.

  • 3 Failed Attempts: Account blocked for 1 hour.

  • Failed Email Delivery: Option to resend OTP.

Blocked Account Notifications:

  • User Notification:

    • Informs about 1-hour block, retry instructions, and support contact.

  • Org Admin Notification:

    • Identifies blocked user, email ID, and timestamp.

    • Advises internal verification and contact with DBSync Support.

  • DBSync AppCenter Notification:

    • Email with org name, ID, admin email, and timestamp.

Unblocking Mechanism:

  • Admins can unblock via a new flag in the AppCenter Org object.
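The login step from section 2 and the error handling from section 4, modelled together as an added example. This is illustrative code, not DBSync's own implementation: the 5-minute validity, 3-attempt limit, 1-hour block and admin unblock are taken from this page, while the class and method names, the 6-digit code format, the result strings and the in-memory state store are assumptions. The clock and the email sender are injectable so the expiry and lockout paths can be exercised without waiting.

```python
# Added example (not DBSync's code): a minimal model of the email-OTP step
# from sections 2 and 4. Timing constants mirror the page; the class, method
# names and the 6-digit code format are assumptions for illustration.
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

OTP_TTL_SECONDS = 5 * 60        # "OTP is valid for 5 minutes"
MAX_FAILED_ATTEMPTS = 3         # "3 Failed Attempts: Account blocked for 1 hour"
BLOCK_SECONDS = 60 * 60


@dataclass
class OtpState:
    code: Optional[str] = None      # pending OTP; None once used, expired or discarded
    expires_at: float = 0.0
    failed_attempts: int = 0
    blocked_until: float = 0.0
    audit: List[str] = field(default_factory=list)  # "OTP logs maintained for audit"


class EmailOtpVerifier:
    """Second factor for the login flow: issue an OTP by email, then verify it."""

    def __init__(self, clock: Callable[[], float] = time.time,
                 send_email: Optional[Callable[[str, str], None]] = None):
        self._clock = clock                       # injectable so tests can move time
        self._send_email = send_email or (lambda addr, body: None)
        self._users: Dict[str, OtpState] = {}

    def _state(self, user: str) -> OtpState:
        return self._users.setdefault(user, OtpState())

    def is_blocked(self, user: str) -> bool:
        return self._state(user).blocked_until > self._clock()

    def issue(self, user: str, email: str) -> str:
        """Generate a fresh OTP and email it. Calling again regenerates/resends."""
        st = self._state(user)
        if self.is_blocked(user):
            raise PermissionError("account is blocked; wait 1 hour or ask an Org Admin")
        st.code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, uniform over 000000-999999
        st.expires_at = self._clock() + OTP_TTL_SECONDS
        self._send_email(email, f"Your verification code is {st.code}")
        st.audit.append(f"{self._clock():.0f} issued to {email}")
        return st.code   # returned only so the caller/test can see it

    def verify(self, user: str, submitted: str) -> str:
        """Return 'ok', 'invalid', 'expired', 'blocked' or 'no_otp'."""
        st = self._state(user)
        now = self._clock()
        if st.blocked_until > now:
            return "blocked"
        if st.code is None:
            return "no_otp"                      # nothing pending: user must request one
        if now > st.expires_at:
            st.code = None
            st.audit.append(f"{now:.0f} expired")
            return "expired"                     # "Expired OTP: Prompt to regenerate"
        # constant-time compare so the check leaks nothing about matching digits
        if hmac.compare_digest(st.code.encode(), submitted.encode()):
            st.code = None                       # one-time: cannot be replayed
            st.failed_attempts = 0
            st.audit.append(f"{now:.0f} verified")
            return "ok"
        st.failed_attempts += 1
        st.audit.append(f"{now:.0f} failed attempt {st.failed_attempts}")
        if st.failed_attempts >= MAX_FAILED_ATTEMPTS:
            st.blocked_until = now + BLOCK_SECONDS
            st.failed_attempts = 0
            st.code = None                       # discard the OTP being guessed at
            st.audit.append(f"{now:.0f} blocked until {st.blocked_until:.0f}")
            return "blocked"
        return "invalid"

    def admin_unblock(self, user: str) -> None:
        """The Org Admin's unblock flag: clears the block before the hour is up."""
        st = self._state(user)
        st.blocked_until = 0.0
        st.failed_attempts = 0
        st.audit.append(f"{self._clock():.0f} unblocked by admin")
```

Two details matter for a real deployment: the comparison uses hmac.compare_digest so response timing does not reveal how many digits matched, and the pending code is discarded both on success and when the block triggers, so a code that was being guessed at cannot be tried again after the hour passes.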

5. Security Measures

  • OTPs are randomly generated, single-use, and expire 5 minutes after issue.

  • Accounts lock after repeated OTP failures.

  • OTP logs maintained for audit.

6. User Roles and Permissions

Role         Can Enable/Disable 2FA   Must Use 2FA (if enabled)
Org Admin    Yes                      Yes
User         No                       Yes
