LiquidFiles Documentation

SMS based Two-Factor Authentication

In this article, we're going to enable Strong Two-Factor Authentication using SMS.

In order to send SMS from LiquidFiles, we need to use an SMS gateway, and in this article we're going to use www.Clickatell.com.

Configuring Clickatell

As a first step, sign up for an account with Clickatell and confirm the account. Once you've confirmed the account and logged in for the first time, click on "Get started" to create an SMS integration.

At this next screen please follow the steps they have outlined:

  • Add 1-3 test phones.
  • Copy the API key, in this example: QlklpUTxTRuJlBvw77sLGw==
  • The integration is now in Sandbox mode and will be until you click "Activate now". If you just want to test the SMS integration, don't click "Activate Now" or you won't be able to send messages until you've added billing and topped up your account. You can stay in Sandbox mode only sending to your test phones for as long as you want to test the integration.
  • If you are a customer in the US or Canada, please apply the setup described under "Configuration for US and Canada customers" below, due to the One-way message regulations in your countries.

Moving to production with Clickatell

To move from Sandbox to Production mode, first enter your billing details and then click on the "Activate now" button. When going through the Activation Process, the default settings are fine:

And feel free to give it a more friendly name if you want.

Enabling SMS Authentication in LiquidFiles

Please go to Admin → Configuration → Strong Auth SMS and enter the SMS Auth Configuration, with the Clickatell API key. In our example above, the line you want to copy is:

https://platform.clickatell.com/messages/http/send?apiKey=QlklpUTxTRuJlBvw77sLGw==&to={{phone_number}}&content=LiquidFiles Token: {{message}}

A couple of notes on the different variables:

  • {{phone_number}} will be replaced by the user's phone number. Clickatell expects the country code followed by the number, with no leading + and no spaces: a phone number with country code 1 and phone number 234-567-890 is entered as 1234567890.
  • "LiquidFiles Token: {{message}}" — the {{message}} part is what will contain the randomized token. Authentication won't work without it. Feel free to change "LiquidFiles Token:" to something else if you want.

From this page you can send test messages to your test phones as needed.
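To see what the gateway receives once the placeholders are filled in, the Python below expands the template from this article. It is an added illustration, not LiquidFiles' own code: it assumes plain placeholder substitution followed by percent-encoding, and the function names and the sample token are made up for the example.

```python
import re
from urllib.parse import quote

# Template from this article; the API key is the article's example value.
TEMPLATE = ("https://platform.clickatell.com/messages/http/send"
            "?apiKey=QlklpUTxTRuJlBvw77sLGw==&to={{phone_number}}"
            "&content=LiquidFiles Token: {{message}}")


def normalize_phone(raw):
    """Return country code + number as digits only (no leading +, no spaces)."""
    cleaned = re.sub(r"[\s\-().]", "", raw)
    if cleaned.startswith("+"):
        cleaned = cleaned[1:]
    elif cleaned.startswith("00"):  # assumption: also accept the 00 dialling prefix
        cleaned = cleaned[2:]
    # E.164 numbers have at most 15 digits; refuse anything that is not plain digits.
    if not re.fullmatch(r"[1-9]\d{6,14}", cleaned):
        raise ValueError("expected country code + number, digits only")
    return cleaned


def render_url(template, phone, token):
    """Fill both placeholders, then percent-encode every query value."""
    if "{{message}}" not in template:
        raise ValueError("template lacks {{message}}; the token would never be sent")
    base, _, query = template.partition("?")
    values = {"{{phone_number}}": normalize_phone(phone), "{{message}}": token}
    pairs = []
    # Split the template (not the filled-in URL) so a value can never add parameters.
    for item in query.split("&"):
        name, _, value = item.partition("=")
        for placeholder, real in values.items():
            value = value.replace(placeholder, real)
        pairs.append(name + "=" + quote(value, safe=""))
    return base + "?" + "&".join(pairs)


def redact(url):
    """Mask the apiKey value before the URL is written to a log or a ticket."""
    return re.sub(r"(apiKey=)[^&]+", r"\1REDACTED", url)


if __name__ == "__main__":
    url = render_url(TEMPLATE, "+1 234-567-890", "482913")  # constructed sample token
    print(redact(url))
```

Because the API key travels in the query string, use the redacted form whenever the URL is pasted into logs or support requests.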

Enabling SMS Authentication for users and groups

You can enable SMS based authentication either on a per user or per group basis.

For users, please go to Admin → Users, click add or edit on the user you want to change, and select either SMS OTP Require or SMS OTP Enable.

If you select Enable, users have a choice to increase the security on their account. If you select Require, they have to enable SMS based One Time Passwords.

For groups, please go to Admin → Groups and click add or edit on the group you want to change. You have the same options as for users.

End User View — SMS Enable

If you configure "SMS Enable" on either a per group or per user basis, a user can choose to go to their Account Settings Page, and it will look like this:

If they enter their phone number, a randomized token will be sent to their phone and they will then be required to enter a randomized token sent via SMS for each subsequent login.

End User View — SMS Require

If you configure "SMS Require" as a Strong Auth setting on either a per user or per group basis, the next time the user logs in, they will be required to sign up with their phone number:

And from then on, the user will be sent a randomized token each time they authenticate to LiquidFiles.

Configuration for US and Canada customers

Important: Country-specific regulations may apply, since certain countries (e.g. Canada, USA) do not allow the sending of One-way messages. If you are in a country that restricts One-way messages, you need to switch the Message type in your SMS setup to the Two-way option.

Next, you have to configure a From number which will be used in the API request. The From number cannot be a cell number; it has to be a special long number (up to 16 digits) or a short code. You can apply for the long number during the New SMS setup or from Clickatell's MyWorkspace.

If you have already purchased a long number or a short code, you need to connect it to your SMS setup by selecting it from the drop-down. More details on this topic are described in Clickatell's documentation.
Note: A side effect of these regulations is that with the Two-way option and the From number you can't use the Sandbox profile; you have to set up billing and switch to the production profile.

Finally, when you have configured the Two-way option and purchased the From number, you need to add the from= attribute to your API request, as in this example:

https://platform.clickatell.com/messages/http/send?apiKey=QlklpUTxTRuJlBvw77sLGw==&to={{phone_number}}&from=1234567890123456&content=LiquidFiles Token: {{message}}