Two factor authentication for Joomla

Introduction

The LoginTC Joomla plugs adds an additional step to user authentication using LoginTC two-factor authentication. After successfully entering a username and password, the user’s mobile device receives a LoginTC request (via push notifications) to approve/deny the authentication request. The request also includes useful information (e.g. IP address of the browser) to help the user determine if it’s a legitimate login request.

Prerequisites

Before proceeding, please ensure you have the following:

Joomla Domain Creation

Create a LoginTC domain for your Joomla installation. The LoginTC domain will contain your users’ LoginTC tokens and token unlocking policies.

  1. Log in to LoginTC Admin
  2. Click Domains:
  3. Click Create Domain: Create Domain
  4. Enter domain information and select Joomla Connector: Create Joomla Domain

Installation

  1. Log in to your Joomla Control Panel
  2. Click on Extensions dropdown and Extension Manager
  3. Click on Install from URL tab
  4. Enter Install URL: https://www.logintc.com/downloads/logintc-joomla-1.0.0.tar.gz Install Joomla Module
  5. Press Install button and wait a couple seconds

Configuration

Configure the plugin to connect with LoginTC Cloud.

  1. Log in to your Joomla Control Panel
  2. Click on Extensions dropdown and Plugin Manager
  3. Enter LoginTC in the Search input field and press Enter
  4. Click on LoginTC
  5. Set Status to Enabled

API Configuration

Click on the API Configuation tab. Configure how the Joomla plugin connects with LoginTC.

API Key

The 64-character organization API key is found on the LoginTC administration panel on the Settings page API Key

Domain ID

The 40-character domain ID is found on the Domain Settings page. To go to the Domain Settings page, click on the Domains tab, then click on your newly-created domain, then click on the Settings button. Create Domain

API Host

Leave the API Host as cloud.logintc.com

Request Timeout

Number of seconds to allow for an authentication request to be approved. A good value to use is between 30 and 90 seconds.

Groups

Only users belonging to the selected Joomla groups will be required to authenticate with LoginTC. We recommend that you create a LoginTC group and apply it to a test user before rolling it out to more users.

Request Attributes

Request attributes appear on the LoginTC request view and help the user to determine if the authentication request is a legitimate one or not. Currently, the only supported domain attribute is the browser’s IP Address.

Press the Save button to save the configuration.

Disable Authentication - Joomla

The LoginTC plugin requires that the default Authentication - Joomla authentication plugin be disabled. The LoginTC plugin will handle all username/password authentication attempts and then the LoginTC authentication if required. To do this, follow these instructions:

  1. Click on Extensions dropdown and Plugin Manager
  2. Enter Joomla in the Search input field and press Enter
  3. Click on Authentication - Joomla
  4. Set Status to Disabled

User Provisioning

Users belonging to the selected groups on the LoginTC plugin configuration page will be presented an additional step to authenticate with LoginTC. In order to authenticate, the user must be created on LoginTC Admin and have the LoginTC token provisioned on their smart device.

Users and their tokens can be managed in many ways:

  • Individual users can be added manually in LoginTC Admin
  • Bulk operations in LoginTC Admin
  • Programmatically manage user lifecycle with the REST API
  • One-way user synchronization of users in an LDAP directory to LoginTC Admin is performed using User Sync Tool.

Note: Usernames

Your usernames in Joomla must match the usernames in LoginTC.

Usage

Your users enter their first factor (username & password) normally as they always did.

  1. Log out and go to the login form
  2. Enter a username and password First-Factor Authentication Step
  3. Approve the request on your smart device LoginTC Authentication Step