Jump to content
Invision Community


New: Authy Integration

This entry is about our IPS Community Suite 4.2 release

In 4.1.18 we added Two Factor Authentication. Already in 4.2 we have announced a new setting to trigger 2FA when logging in from a new device, and in 4.2 we are also adding Authy as an authentication handler.

Authy can send a user a text message, make a phone call, or send a push notification to a smartphone app to authenticate the user. You can enable whichever of these options you like.

 

Set Up

To set up Two Factor Authentication with Authy, the user will enter their phone number. To verify their phone number they will then enter a code shown in the Auhy app or have a code sent by text message or phone call. The system will automatically show an appropriate interface based on what options you have enabled - for example, if you don't want to enable the app as an option, it will not reference Authy.

Authy Setup with App.png

Setting up Authy with the app available as an option

Authy Setup without App.png

Setting up Authy with just phone or text message options enabled

 

Verification with Authy

When the user needs to verify their account, the system will automatically show an appropriate interface. If you allow verification with the Authy app and either it is the only option you allow, or the system knows that the user has installed the Authy app, the system will prompt them to use the app. This can either be done using Authy's OneTouch option (where the user will receive a push notification to the app, and when they click approve, the screen will automatically refresh) or their SoftToken option (where the user will be instructed to open the Authy app and enter the code they see). If you allow authentication by text message and/or phone call as well, the user will also see options for using those instead.

These screenshots show the process for OneTouch authentication:

Authy OneTouch Pending.png

The user is shown a waiting screen

Authy OneTouch Notification.PNG Authy OneTouch Approval.PNG

Simultaneously they will receive a push notification and when opening it be able to approve

Once the user has approved, the waiting screen will automatically refresh with the user authenticated.

For SoftToken authentication, the user is prompted to enter the code shown in the Authy app:

Authy SoftToken Authentication.png

Authy SoftToken option

 

Phone Verification

If you have disabled the Authy app as an option, or the user does not have it installed, they will be prompted to choose from the available options how they want to authenticate.

These screenshots show the process for authenticating by text message:

Authy Verification Options.png

The user is asked how they want to authenticate

Authy SMS Codr.PNG

The user receives a text message or phone call with a code

Authy SMS Verification.png

The user enters this code to authenticate

 

Management

If the user changes their phone number they can reconfigure the system in their account settings. The system automatically shows "Phone Verification" rather then "Authy" if the app is not available as an option.

Authy Account Settings.png

Account Settings showing Authy as Phone Verification

 


User Feedback

Recommended Comments

Why introduce more services that depend on a third party? I get that its nice as it adds features with minimal effort/coding/time from the IPS devs so they can focus on other things, but it puts our sites at the mercy of the weakest third party. Is there any chance that some of these services that require third parties be brought back in house in the future?

Share this comment


Link to comment
Share on other sites
26 minutes ago, Ohio Guns said:

Why introduce more services that depend on a third party? I get that its nice as it adds features with minimal effort/coding/time from the IPS devs so they can focus on other things, but it puts our sites at the mercy of the weakest third party. Is there any chance that some of these services that require third parties be brought back in house in the future?

So you want IPS to get into the business of developing authentication software on a level of Authy, Google, etc?

Share this comment


Link to comment
Share on other sites
29 minutes ago, Ohio Guns said:

Why introduce more services that depend on a third party? I get that its nice as it adds features with minimal effort/coding/time from the IPS devs so they can focus on other things, but it puts our sites at the mercy of the weakest third party. Is there any chance that some of these services that require third parties be brought back in house in the future?

Though we think we're pretty darn good at what we do, we can't be good at everything. There's a lot of great services out there that are superb at what they do, and it makes sense for us to integrate with them where it adds value for our own customers. 

Share this comment


Link to comment
Share on other sites
7 hours ago, Ohio Guns said:

Why introduce more services that depend on a third party? I get that its nice as it adds features with minimal effort/coding/time from the IPS devs so they can focus on other things, but it puts our sites at the mercy of the weakest third party. Is there any chance that some of these services that require third parties be brought back in house in the future?

So instead of using available tools and services, you want IPS to develop each and every feature made possible by those 3rd party products/services?  May as well ask IPS to develop a web browser as well, instead of relying on other browser products that could go belly up without any notice.  For receiving payments, IPS should also create their own version of PayPal, as well as credit card transaction handlers.  I suppose you'd want cPanel and email related services as well.

 

Why reinvent the wheel? What IPS is doing is reducing cost and development time by making use of third party content.  The products/services are made with the expectation of being used by others, instead of everyone making their own.  Not only makes it easier for companies to work more on their own products (while also reducing costs), but for the end user, there is more consistency with how things work.   I understand your concern, as a third party 'going under' could be a crippling blow to a site, but I'm positive that the IPS staff researches vendors for reliability and quality, instead of just Googling for different services and picking one at random.

Share this comment


Link to comment
Share on other sites

How much will this cost... for sms and call activation 

I visited site but could not find pricing....

----------------

Later will this be possible - we can have activation with mobile number as we do from email address ?

Share this comment


Link to comment
Share on other sites


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Latest Releases

    • 4.2.5 Current Release
      Released 10/13/2017
    • 4.2.4
      Released 09/19/2017
    • 4.2.3
      Released 08/31/2017
    • 4.2.2
      Released 08/07/2017
    • 4.2.1
      Released 07/26/2017
×
  Ask A Question ×