Two-factor authentication

Two-factor authentication (2FA) is a secondary layer of security to protect developer account sign-up and system login. A verification code is sent through SMS and email to be used each time a developer logs in to a ClearBlade account.

Admin account

2FA can be enabled and set up under the Security tab on the Admin Management page for the admin account systems.

Security

| Setting | Description |
| --- | --- |
| Require Two Factor Auth | When the checkbox is checked, 2FA is required for the instance’s developer accounts |
| Dev Token TTL | The time for which the developer token is valid |

Click Configure to open the communication modules.

Click Update to save changes.

Email communication

| Setting | Description |
| --- | --- |
| Protocol | We only support SMTP at this time |
| Encryption Type | Choose an email communication encryption protocol |
| Host | The domain name that contains the SMTP server (such as smtp.gmail.com) |
| Port | A list of common SMTP ports is provided for you to choose from. Port 587 is recommended as a default port, as most SMTP servers can use this port |
| Username | The SMTP email account used to send the validation email |
| Password | The SMTP email account’s login password |
| From Email | The address the email will be sent from |
| Validation Subject | Validation email subject line |
| Validation Message | Validation email body message. There will be a default message if this field is left blank. $LINK will be replaced with the generated validation link. HTML is supported |
| Two Factor Subject | The subject line when sending emails with login codes to developers |
| Two Factor Message | The message in the email’s body when sending emails with login codes to developers. There will be a default message if left blank. $CODE will be replaced with the generated login code. HTML is supported |

SMS communication

| Setting | Description |
| --- | --- |
| Service Name | We only support Twilio at this time |
| URL | The messaging service’s URL |
| Username | Account SID |
| Password | Authentication token |
| From Number | The phone number that the message will be sent from |
| Validation Message | The validation text body message. $LINK will be replaced with the generated validation link. There will be a default message if this field is left blank |
| Two Factor Message | The message in the text body when sending login codes to developers. $CODE will be replaced with the generated login code. There will be a default message if this field is left blank |
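
A custom Two Factor Message that omits or misspells $CODE, or a channel configured without encryption, is easy to save and hard to notice until a developer cannot log in. The check below is an added example, not ClearBlade code: it lints an exported copy of the email and SMS settings described above. The dictionary key names, the "none" encryption label, exact case-sensitive placeholder matching, and all sample values are assumptions made for illustration.

```python
import re
# Placeholder each template must carry, per the field descriptions above.
EXPECTED = {"validation_message": "$LINK", "two_factor_message": "$CODE"}
TOKEN = re.compile(r"\$[A-Za-z]+")

def lint_templates(channel, cfg):
    """Check one channel's message templates ('email' or 'sms')."""
    findings = []
    for field, token in EXPECTED.items():
        body = cfg.get(field) or ""
        if not body.strip():
            continue  # blank field: the default message is used
        found = set(TOKEN.findall(body))  # assumption: exact, case-sensitive match
        if token not in found:
            findings.append(f"{channel}.{field}: {token} missing from custom message")
        for stray in sorted(found - {token}):
            findings.append(f"{channel}.{field}: {stray} is not documented for this field")
    return findings

def lint_transport(email, sms):
    """Flag settings that would send codes or credentials in cleartext."""
    findings = []
    # "none" is an assumed Encryption Type label; the page does not list the options.
    if email and str(email.get("encryption_type", "none")).lower() == "none":
        findings.append("email.encryption_type: password and login codes sent unencrypted")
    if email.get("port") == 25:
        findings.append("email.port: 25 is the relay port; 587 is the recommended default")
    if sms and not str(sms.get("url", "")).lower().startswith("https://"):
        findings.append("sms.url: Account SID and auth token would be sent without TLS")
    return findings

def lint(settings):
    email, sms = settings.get("email", {}), settings.get("sms", {})
    return lint_templates("email", email) + lint_templates("sms", sms) + lint_transport(email, sms)

SAMPLE = {  # constructed values, not taken from a real instance
    "email": {
        "encryption_type": "none", "host": "smtp.example.invalid", "port": 25,
        "validation_message": "<p>Confirm: <a href='$LINK'>verify</a></p>",
        "two_factor_message": "<p>Your login code is $Code</p>",  # wrong case
    },
    "sms": {
        "url": "http://sms.example.invalid/send",
        "validation_message": "",  # blank: default message applies
        "two_factor_message": "Login code: $CODE. Or verify at $LINK",
    },
}
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running the lint before clicking Update, followed by the Test button, catches a template that would deliver a message with no usable code.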

Appearance and other tools

Communication information should appear in the appropriate sections.

| Setting | Description |
| --- | --- |
| Configure | Opens the communication settings module |
| Test | Sends test email/SMS messages |
| Delete | Deletes the communication settings |

Developer account

If 2FA is enabled at the admin level, then the settings cannot be overridden at the developer level.

Dev accounts can enable 2FA for their login by marking the Enable Two Factor Auth checkbox in Account Settings under the username. Users must validate their chosen method before updating their 2FA settings. There is an option to validate methods by clicking Send Validation Email (or Text).

| Setting | Description |
| --- | --- |
| Enable Two Factor Auth | When the checkbox is checked, 2FA is required for logins and sign-ups on a developer’s system |
| Default Two Factor Method | Choose to have the authentication code sent to a validated email, SMS, or both |
| Two Factor Email | An email must be validated before it can receive a login code. The validation status appears next to the email. There is an option to send a validation email |
| Two Factor Phone | A phone number must be validated before it can receive a login code. There is an option to send a validation email. The validation status appears next to the number. There is an option to send a validation text |

Click Update Settings to save changes.

Login attempts and disabling account

The login code becomes invalid after the first failed login attempt. The developer must reattempt the login process after the code is resent three times.

If the default validated 2FA method (email/phone number) is removed, the account will be disabled, and the developer will be locked out.