Two Factor Authentication
Overview
DBSync's Org-Level Two-Factor Authentication (2FA) enhances security by requiring a one-time password (OTP) via email during login. Org admins can enable or disable this feature for their organization.
1. Enabling/Disabling 2FA
Who Can Enable/Disable:
Only Org Admins.
How to Enable:
Navigate to the Permissions Settings.
Tick the Enable Two-Factor Authentication checkbox.
Click Save.
Email Notification on Enable:
All users receive:
Subject: Two-Factor Authentication (2FA) Enabled for Your DBSync Account
States that 2FA is now required, that the OTP is delivered by email, and how to contact support.
Email Notification on Disable:
All users receive:
Subject: Two-Factor Authentication (2FA) Disabled for Your DBSync Account
Notification of 2FA removal and security recommendations.
2. Login and Authentication Flow
User enters username and password.
If 2FA is enabled:
System generates an OTP.
OTP sent to registered email.
User enters OTP to proceed.
On successful entry, login is completed.
OTP Validity:
OTP is valid for 5 minutes.
OTP Channel:
Currently supported: Email only.
Future: SMS support planned.
Prompt Frequency:
Current: Every login.
Future: Options for device/user-based frequency (e.g., once every 7 days).
3. Email Templates
OTP Email:
Subject: Your DBSync Login Verification Code
Includes OTP, expiry time, support info, and security disclaimer.
Delivery Requirements:
Use a reliable email service provider.
Set the appropriate email headers so that OTP messages are not classified as spam/junk.
Include login URL for user convenience.
4. Error Handling
Scenarios & Actions:
Expired OTP: Prompt to regenerate.
3 Failed Attempts: Account blocked for 1 hour.
Failed Email Delivery: Option to resend OTP.
Blocked Account Notifications:
User Notification:
Informs about 1-hour block, retry instructions, and support contact.
Org Admin Notification:
Identifies blocked user, email ID, and timestamp.
Advises internal verification and contact with DBSync Support.
DBSync AppCenter Notification:
Email with org name, ID, admin email, and timestamp.
Unblocking Mechanism:
Admins can unblock via a new flag in the AppCenter Org object.
5. Security Measures
OTPs are unique, secure, and time-bound.
Accounts lock after repeated OTP failures.
OTP logs maintained for audit.
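The login flow in section 2, the error handling in section 4 and the security measures in section 5 together describe one state machine: issue a random OTP, accept it for 5 minutes, count failures, block the account for 1 hour after 3 failures, let an admin unblock, and log every step for audit. The following Python module is an added illustration of that state machine, not DBSync's own code. The OTP length (6 digits), the in-memory dictionaries, the injectable clock and the event names in the audit log are assumptions made for the example; the timing and attempt limits are the ones stated on the page. Failed attempts are counted per user rather than per OTP, so requesting a fresh OTP does not reset the counter.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

OTP_TTL_SECONDS = 5 * 60      # page: OTP is valid for 5 minutes
MAX_FAILED_ATTEMPTS = 3       # page: 3 failed attempts block the account
BLOCK_SECONDS = 60 * 60       # page: block lasts 1 hour
OTP_DIGITS = 6                # assumption: the page does not state the OTP length


@dataclass
class OtpRecord:
    code: str
    issued_at: float


@dataclass
class OtpService:
    """In-memory OTP issuer/verifier (example only; a real deployment would persist state)."""
    clock: Callable[[], float] = time.time
    otps: Dict[str, OtpRecord] = field(default_factory=dict)
    failed: Dict[str, int] = field(default_factory=dict)
    blocked_until: Dict[str, float] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)

    def _log(self, event: str, user: str, **extra) -> None:
        # Audit trail required by section 5; never log the OTP value itself.
        self.audit_log.append({"ts": self.clock(), "event": event, "user": user, **extra})

    def is_blocked(self, user: str) -> bool:
        until = self.blocked_until.get(user)
        return until is not None and self.clock() < until

    def issue(self, user: str) -> Optional[str]:
        """Generate a fresh OTP for the user. Returns the code for the email step,
        or None when the account is currently blocked. Re-issuing replaces any
        earlier OTP, which is how 'resend' and 'regenerate after expiry' work."""
        if self.is_blocked(user):
            self._log("otp_issue_refused_blocked", user)
            return None
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self.otps[user] = OtpRecord(code=code, issued_at=self.clock())
        self._log("otp_issued", user)
        return code

    def verify(self, user: str, submitted: str) -> str:
        """Check a submitted OTP. Returns 'ok', 'expired', 'invalid', 'blocked' or 'no_otp'."""
        now = self.clock()
        if self.is_blocked(user):
            self._log("otp_verify_refused_blocked", user)
            return "blocked"
        rec = self.otps.get(user)
        if rec is None:
            return "no_otp"
        if now - rec.issued_at > OTP_TTL_SECONDS:
            # Expired codes are discarded; the caller prompts the user to regenerate.
            del self.otps[user]
            self._log("otp_expired", user)
            return "expired"
        if hmac.compare_digest(rec.code, submitted):
            # One-time: a verified code is consumed and the failure counter reset.
            del self.otps[user]
            self.failed.pop(user, None)
            self._log("otp_verified", user)
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1
        self._log("otp_failed", user, attempt=self.failed[user])
        if self.failed[user] >= MAX_FAILED_ATTEMPTS:
            self.blocked_until[user] = now + BLOCK_SECONDS
            self.otps.pop(user, None)
            self.failed.pop(user, None)
            self._log("account_blocked", user, until=self.blocked_until[user])
            return "blocked"
        return "invalid"

    def unblock(self, user: str, admin: str) -> None:
        """Admin override, standing in for the AppCenter unblock flag described in section 4."""
        self.blocked_until.pop(user, None)
        self._log("account_unblocked", user, by=admin)


if __name__ == "__main__":
    svc = OtpService()
    code = svc.issue("alice@example.test")      # constructed sample user
    print("verify:", svc.verify("alice@example.test", code))
    for entry in svc.audit_log:
        print(entry)
```

The `hmac.compare_digest` call keeps the comparison constant-time, and the audit entries deliberately carry only the event, user and timestamps, so the log itself never becomes a second place where a live code can be read.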
6. User Roles and Permissions
Role        Can enable/disable 2FA    Must enter OTP at login
Org Admin   Yes                       Yes
User        No                        Yes