Set up users for two-step verification via email

Available functionality depends on the system you are using. See Product comparison chart for more information.

To impose an additional login step on users of the Milestone Mobile client or XProtect Web Client, set up two-step verification on the Milestone Mobile server. In addition to the standard user name and password, the user must enter a verification code received by email.

Two-step verification increases the protection level of your surveillance system.

Requirements

• You have installed an SMTP server.
• You have added users and groups to your XProtect system in the Management Client on the Roles node in the Site Navigation pane. On the relevant role, select the Users and Groups tab.
• If you upgraded your system from a previous version of XProtect, you must restart the mobile server to enable the two-step verification feature.

In Management Client, perform these steps:

1. Enter information about your SMTP server.
2. Specify the settings for the verification code that will be sent to the client users.
3. Assign login method to users and domain groups.

This topic describes each of these steps.

Enter information about your SMTP server

The provider uses the information about the SMTP server:

1. In the navigation pane, select Mobile Servers, and select the relevant mobile server.
2. On the Two-step verification tab, select the Enable two-step verification check box.
3. Below Provider settings, on the Email tab, enter information about your SMTP server and specify the email that the system will send to client users when they log in and are set up for a secondary login. For details about each parameter, see Two-step verification.

Specify the verification code that will be sent to the users

To specify the complexity of the verification code:

1. On the Two-step verification tab, in the Verification code settings section, specify the period within which Milestone Mobile users, do not have to reverify its login in case of, for example, a disconnected network. Default period is 3 minutes.
2. Specify the period within which the user can use the received verification code. After this period, the code is invalid and the user has to request for a new code. Default period is 5 minutes.
3. Specify the maximum number of code entry attempts, before the user will be blocked. Default number is 3.
4. Specify the number of characters for the code. Default length is 6.
5. Specify the complexity of the code that you want the system to compose.

Assign login method to users and Active Directory groups

On the Two-step verification tab, in the User settings section, the list of users and groups added to your XProtect system appears.

1. In the Login method column, select between no login, no two-step verification, or delivery method of codes.
2. In the Details field, add the delivery details such as email addresses of individual users. Next time the user logs into XProtect Web Client or the Milestone Mobile app, he or she is asked for a secondary login.
3. If a group is configured in Active Directory, the Mobile server uses details, such as email addresses, from Active Directory.

   Windows groups do not support two-step verification.

4. Save your configuration.

You have completed the steps for setting up your users for two-step verification via email.

© 2018 Milestone Systems A/S