Two-factor authentication for Drupal

Introduction

The LoginTC Drupal module adds an additional step to user authentication using LoginTC two-factor authentication. After successfully entering a username and password, the user’s mobile device receives a LoginTC request (via push notifications) to approve/deny the authentication request. The request also includes useful information (e.g. IP address of the browser) to help the user determine if it’s a legitimate login request.

Prerequisites

Before proceeding, please ensure you have the following:

Drupal Domain Creation

Create a LoginTC domain for your Drupal installation. The LoginTC domain will contain your users’ LoginTC tokens and token unlocking policies.

  1. Log in to LoginTC Admin
  2. Click Domains
  3. Click Create Domain
  4. Enter domain information and select Drupal Connector

Installation

  1. Log in to your Drupal site administration panel
  2. Click on Modules
  3. Click on Install new module
  4. Install from a URL: https://www.logintc.com/downloads/logintc-drupal-0.1.0.tar.gz
  5. Press Install button and wait a couple seconds
  6. Click on Enable newly added modules under Next steps
  7. Scroll down to Security and check Enabled beside the LoginTC module
  8. Press Save configuration button

Configuration

Configure the module to connect with LoginTC Cloud.

  1. Log in to your Drupal site administration panel
  2. Open the Modules page and check the enabled checkbox next to LoginTC under the Security section
  3. Click Save Configuration
  4. Scroll down to the LoginTC module and click Configure

API Configuration

Configure how the Drupal module connects with LoginTC.

API Key

The 64-character organization API key is found on the LoginTC administration panel on the Settings page.

Domain ID

The 40-character domain ID is found on the Domain Settings page. To go to the Domain Settings page, click on the Domains tab, then click on your newly-created domain, then click on the Settings button.

API Host

Leave the API Host as cloud.logintc.com

Request Timeout

Number of seconds to allow for an authentication request to be approved. A good value to use is between 30 and 90 seconds.

Roles

Only users belonging to the selected Drupal roles will be required to authenticate with LoginTC. We recommend that you create a LoginTC role and apply it to a test user before rolling it out to more users.

Request Attributes

Request attributes appear on the LoginTC request view and help the user to determine if the authentication request is a legitimate one or not. Currently, the only supported domain attribute is the browser’s IP Address.

User Provisioning

Users belonging to the roles selected on the LoginTC module configuration page will be presented with an additional step to authenticate with LoginTC. In order to authenticate, the user must be created on the LoginTC administration panel and have the LoginTC token provisioned on their smart device.

Users and their tokens can be managed in many ways:

  • Individual users can be added manually in LoginTC Admin
  • Bulk operations in LoginTC Admin
  • Programmatically manage user lifecycle with the REST API
  • One-way synchronization of users from an LDAP directory to LoginTC Admin using the User Sync Tool

Note: Usernames

Your usernames in Drupal must match the usernames in LoginTC.
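A pre-rollout check for the settings and username requirement described above, as an added example that is not part of the LoginTC module. The dictionary keys, function names and sample data are hypothetical, the input lists are assumed to be exported by hand from Drupal and LoginTC Admin, and username matching is assumed to be exact, so names that differ only in case or whitespace are reported separately.

```python
# Constraints stated on this page for the module's API Configuration form.
API_KEY_LEN = 64                # organization API key length
DOMAIN_ID_LEN = 40              # domain ID length
API_HOST = "cloud.logintc.com"
TIMEOUT_RANGE = range(30, 91)   # recommended request timeout, in seconds


def check_settings(cfg):
    """Return a list of problems with the values entered in the module form."""
    problems = []
    if len(cfg.get("api_key", "")) != API_KEY_LEN:
        problems.append("api_key is not 64 characters")
    if len(cfg.get("domain_id", "")) != DOMAIN_ID_LEN:
        problems.append("domain_id is not 40 characters")
    if cfg.get("api_host") != API_HOST:
        problems.append("api_host is not " + API_HOST)
    if cfg.get("request_timeout") not in TIMEOUT_RANGE:
        problems.append("request_timeout outside the recommended 30-90 seconds")
    return problems


def check_users(drupal_users, enforced_roles, logintc_usernames):
    """Find users in enforced roles who would fail the LoginTC step."""
    exact = set(logintc_usernames)
    folded = {u.strip().casefold(): u for u in logintc_usernames}
    missing, near_miss = [], []
    for name, roles in sorted(drupal_users.items()):
        if not enforced_roles & set(roles) or name in exact:
            continue  # not subject to LoginTC, or provisioned under the same name
        other = folded.get(name.strip().casefold())
        if other is not None:
            near_miss.append((name, other))  # differs only in case or whitespace
        else:
            missing.append(name)  # no LoginTC user at all
    return missing, near_miss


# Constructed sample data (not real keys or accounts).
SAMPLE_CFG = {"api_key": "k" * 64, "domain_id": "d" * 39,
              "api_host": "cloud.logintc.com", "request_timeout": 120}
SAMPLE_USERS = {"alice": ["LoginTC"], "Bob": ["LoginTC", "editor"],
                "carol": ["editor"], "dave": ["LoginTC"]}
SAMPLE_LOGINTC = ["alice", "bob"]

if __name__ == "__main__":
    print(check_settings(SAMPLE_CFG))
    print(check_users(SAMPLE_USERS, {"LoginTC"}, SAMPLE_LOGINTC))
```

Users reported as missing or near-miss should be created or renamed in LoginTC Admin before their role is selected on the module configuration page.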

Usage

Your users enter their first factor (username & password) as usual.

  1. Log out and go to the login form
  2. Enter a username and password
  3. You are now presented with the LoginTC authentication step
  4. Approve the request on your smart device