Sangoma CX Technical Note - Sangoma CX Multi Factor Authentication
Introduction
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application or online account.
MFA is a core component of a strong Identity and Access Management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
Sangoma CX version 6.69.25 supports MFA. The implementation relies on Google Authenticator App as the second verification factor. Any user (Administrators, Supervisor, Managers and Agents) can activate MFA to increase the security on their accounts.
Prerequisites
Users must have an Android or IOS device with the Google Authenticator App installed and linked to their Sangoma CX user (To link a device see the Activating FMA steps below). This App is available on the following URLs:
Considerations
This feature is available in Sangoma CX v.6.69.25.and higher. The version number is displayed on the bottom left corner of the Sangoma CX UI.
For Agents, MFA is limited to for use with the Agent Panel UI. If MFA is activated, agents won’t be able to login on Sangoma CX Agent App or Sangoma CX Salesforce Connector
If a user activates MFA on his/her account and does not have the device to provide the MFA token, the user will not be able to login into the platform. Administrators have the ability to disable MFA for a user by unchecking the “MFA Enabled” option under their accounts.
How to turn on FMA
Access Your User Profile
Log into the Sangoma CX.
Open the “ My profile” screen.
For Admins, Managers, Supervisors:
Click on your user name in the top right corner of the page.
Select My Profile.
For Agents (Agents Panel UI):
Click on your profile picture in the top right corner of the page.
Select My Profile.
Activating FMA
Once users are on the “My Profile” screen follow these steps
On the My Profile Screen click on “MFA Setting”.
The “Multi Factor Authentication Screen” will open:
Enter your password in the “Password” field.
Click the “Confirm Your Password” button.
If the user password is valid a QR code will appear.
Open the Google Authenticator App on your device.
Scan the QR code to import the account.
Once the Google Authenticator App has completed importing the account a token will be displayed.
Return to the Sangoma CX profile window.
Enter the token provided by the App in the Token field and click the “Send Token” button.
If the token is valid the user account and the device having the linked account is binded for future logins.
The following images provide a visualization of the process of Activating FMA.
Login Using FMA
Using your browser Navigate to the Sangoma CX, URL.
The login screen will appear.
Enter your Username in the “Login” field and click on “Next”.
When prompted enter your “Password” and click on “Next”.
Once validated, a token will be presented in the by Google Authenticator App on the device with the binded user account.
When prompted enter the token provided by Google Authenticator App in the “MFA Token” field and click on “Login”.
If validated the user will have access to the Sangoma CX platform.
The following images provide a visualization of the login process.
Disabling FMA for a User
Administrators can disable MFA on any user by unchecking the “MFA Enabled” option in using the user edit screens.
Login to Sangoma CX using your Admin Credentials
Select System from the menu at the top of the page.
Select the Users option.
Click on the Username of the user to be updated.
Uncheck the MFA Enabled option.
Click Save.