Enable Authy Push Support in PortalGuard


Problem

You wish to use an Authy Push token with your PortalGuard website for MFA or Self-Service functionality.

 

Solution:

 

Enable support for Authy Push authentication within PortalGuard.

Requirements:

  1. Must be using PortalGuard Version 6.5.2.1 or later.
  2. Only Authy Push authentication is supported. Authy's mobile OTP and Authy SMS are not supported.
  3. PortalGuard must be configured to use SQL.
  4. The PortalGuard server must be able to make HTTPS requests directly to the internet.
  5. Admins manage users directly through Authy's own management console.
  6. End users must download the Authy application from the appropriate store on their phone.
  7. Authy Push is supported for: 
    1. Login
    2. Password Change
    3. Account Unlock
    4. Password Reset
    5. Password Recover
  8. Authy Push is NOT supported for:
    1. Radius/VPN Support
    2. Desktop 2FA


Authy Initial Configuration Steps:

  1. Log into the Authy Admin Dashboard as an Authy administrator at the following link: Authy | Twilio 
    • You will need to copy a value from this browser session to the PortalGuard server so launch the browser on the appropriate machine with that in mind.
  2. Select the 'Get Started' option to complete the initial configuration of Authy's API to implement two-factor authentication.
    • Verify your Phone Number on your Twilio Account.
  3. Create a 'Friendly Name' for your application.
    • The selected name for the Authy application will be exposed to your end users, so use a name that your end users would expect to see, e.g. "ACME Multi-factor".
  4. Add your first user.
    • NOTE: You will want to make sure to use your own phone number for this initial user, as we will want to test a real authentication attempt.
  5. Send your first Authentication Token via your preferred method.
  6. Provide the Authentication Token in the next window.
  7. Navigate to the Applications tab to see your new Authy Application! 
  8. Select your Authy Application, and navigate to the settings section in the left bar.
  9. Copy the Production API Key somewhere safe, as we will need it in the next section for PortalGuard Configuration. 

 

PortalGuard Initial Configuration Steps:

  1. On the PortalGuard server, open the PortalGuard Configuration Editor and select 'Edit Bootstrap'.
  2. Navigate to the Services -> H/W Tokens -> Authy tab. 
  3. Check the 'Authy Support' box to enable the fields below for input.
  4. Input the Production API Key from your Authy Application into the 'Authy API Key' field.
  5. Click ‘Test Credentials’ to verify that the Authy API Key is valid.
  6. Save the Bootstrap configuration.
  7. Navigate to the Security Policies tab, and for each Security Policy where Authy should be enabled for end-users, please do the following:
    1. Open/Edit the Security Policy.
    2. Navigate to the Authentication Methods -> Tokens -> Push tab.
    3. Enable the 'Allow Authy' checkbox.
      • NOTE: This step only makes the associated OTP type checkboxes available in other parts of the security policy!
    4. For each option in the top-level Actions tab where Authy should be available (e.g. Login, PW Reset), enable the Authy checkbox:
      • If desired, change the Default OTP Method to 'Authy'.
    5. Save and close the Security Policy.
  8. Once you are done enabling Authy for specific Security Policies, Sync/Apply the settings for them to take effect!

 

PortalGuard User Configuration Steps:

  1. To enroll Authy, please follow the steps outlined below:
    1. Please download and install the Authy application from your phone's app store.
    2. Login to PortalGuard and navigate to the Account Management page.
    3. Click on the Authy tab.
    4. Click on the Enable Authy link.
      • Enter your Phone Number and Email Address for Authy Enrollment.
        • NOTE: This information will be pre-populated if the user has already enrolled a phone number/email address with PortalGuard.
    5. Click the Start Enrollment box.
    6. Next, a notification should appear on the user’s phone from the Authy application.
      • Click on the notification to view the OTP for enrollment.
    7. Enter the OTP to complete enrollment.
    8. Click the ‘Continue’ button to complete the Authy enrollment.
    9. To verify that the enrollment was successful, refresh the account management page and view the enrollment status.

 

REV. 10/2021 | PortalGuard

  • 04-Nov-2021