Two factor authentication for Drupal

Table of Contents
Introduction

Legacy Notice
LoginTC no longer supports Drupal.

The LoginTC Drupal module adds an additional step to user authentication using LoginTC two-factor authentication. After successfully entering a username and password, the user’s mobile device receives a LoginTC request (via push notifications) to approve/deny the authentication request. The request also includes useful information (e.g. IP address of the browser) to help the user determine if it’s a legitimate login request.

Prerequisites

Before proceeding, please ensure you have the following:

Drupal Domain Creation

Create a LoginTC domain for your Drupal installation. The LoginTC domain will contain your users’ LoginTC tokens and token unlocking policies.

  1. Log in to LoginTC Admin
  2. Click Domains:
  3. Click Create Domain:Create Domain
  4. Enter domain information and select Drupal Connector:Create Drupal Domain
Installation
  1. Log in to your Drupal site administration panel
  2. Click on Modules
  3. Click on Install new module
  4. Install from a URL: https://www.logintc.com/downloads/logintc-drupal-0.1.0.tar.gzInstall Drupal Module
  5. Press Install button and wait a couple seconds
  6. Click on Enable newly added modules under Next steps
  7. Scroll down to Security and check Enabled beside the LoginTC module
  8. Press Save configuration button
Configuration

API Configuration

Configure how the Drupal module connects with LoginTC.

API Key
The 64-character organization API key is found on the LoginTC administration panel on the Settings pageAPI Key
Domain ID
The 40-character domain ID is found on the Domain Settings page. To go the Domain Settings page, click on the Domains tab, then click on your newly-created domain, then click on the Settings button.Create Domain
API Host
Leave the API Host as cloud.logintc.com
Request Timeout
Number of seconds to allow for an authentication request to be approved. A good value to use is between 30 and 90 seconds.

Roles

Only users belonging to the selected Drupal roles will be required to authenticate with LoginTC. We recommend that you create a LoginTC role and apply it to a test user before rolling it out to more users.

Request Attributes

Request attributes appear on the LoginTC request view and help the user to determine if the authentication request is a legitimate one or not. Currently, the only supported domain attribute is the browser’s IP Address.

User Provisioning

Users belonging to the selected roles on the LoginTC module configuration page will be presented an additional step to authenticate with LoginTC. In order to authenticate, the user must be created on the LoginTC administration panel and have the LoginTC token provisioned on their smart device.

Users and their tokens can be managed in many ways:

  • Individual users can be added manually in LoginTC Admin
  • Bulk operations in LoginTC Admin
  • Programmatically manage user lifecycle with the REST API
  • One-way user synchronization of users in an LDAP directory to the LoginTC Admin is performed using User Sync Tool.

Note: Usernames
Your usernames in Drupal must match the usernames in LoginTC.

Usage

Your users enter their first factor (username & password) normally as they always did.

  1. Log out and go to the login form
  2. Enter a username and passwordFirst-Factor Authentication Step
  3. You are now presented with a screenLoginTC Authentication Step
  4. Approve the request on your smart deviceLoginTC Authentication Step

Start your free trial today. No credit card required.

Sign up and Go