Two-factor authentication (2FA) is a security method that requires two different types of identity verification to grant access to the system. In the specific case where confirmation is carried out via email, after the usual username and password are entered, the user receives a temporary verification link at their registered email address. This method adds an extra layer of security.
Two-factor authentication (2FA) via email strengthens the security of user accounts. By requiring not only the usual password but also confirmation through a link sent to the user's email, this approach significantly reduces the risk of unauthorized access: an attacker would need to know the password and also have access to the email registered to the account. Thus, 2FA via email provides an effective solution to protect sensitive information and maintain the integrity of online accounts.
To use two-factor authentication, we can configure it in the system parameters, global parameters, by groups, or in user registration.
The authentication configuration is applied hierarchically, at three levels of granularity; the configuration priority is USER → GROUP → SYSTEM.
- The application will first respect parameters applied at the User level, then at the Group level, and finally at the System level. Therefore, if two-factor authentication (2FA) via email is configured at the system parameter level, but the option "None" is selected at the group or user level, authentication will not be applied because group and user settings take precedence.
- The same applies in the opposite scenario: if 2FA via email is enabled for a user, but the option "None" is selected at the group or system level, the user will still have 2FA active.
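The USER → GROUP → SYSTEM priority described above can be audited offline to find accounts where an explicit "None" at a lower level switches off a system-wide "Email" setting. This is an added example, not code from T6: the `User` class, the `UNSET` state (a level with no selection defers to the next one), the one-group-per-user model and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Values offered by the "Multifactor Authentication" parameter on this page.
NONE, EMAIL = "None", "Email"
UNSET = None  # assumption: a level with no selection defers to the next level

@dataclass
class User:
    name: str
    mfa: Optional[str] = UNSET      # user-level selection
    group: Optional[str] = None     # assumption: one global group per user

def effective_mfa(user, group_mfa, system_mfa):
    """Return (value, level) following the USER -> GROUP -> SYSTEM priority."""
    candidates = (
        ("USER", user.mfa),
        ("GROUP", group_mfa.get(user.group, UNSET)),
        ("SYSTEM", system_mfa),
    )
    for level, value in candidates:
        if value is not UNSET:
            return value, level
    return NONE, "DEFAULT"  # nothing selected anywhere: no second factor

def audit(users, group_mfa, system_mfa):
    """List users who end up without 2FA and the level that decided it."""
    findings = []
    for u in users:
        value, level = effective_mfa(u, group_mfa, system_mfa)
        if value != EMAIL:
            # True when a user/group "None" defeats a system-wide "Email".
            overridden = system_mfa == EMAIL and level != "SYSTEM"
            findings.append((u.name, level, overridden))
    return findings

# Constructed sample data, not an export from the product.
SYSTEM_MFA = EMAIL
GROUP_MFA = {"finance": NONE, "ops": EMAIL}
USERS = [
    User("alice", group="ops"),                # inherits Email from group
    User("bob", group="finance"),              # group "None" beats system
    User("carol", mfa=NONE, group="ops"),      # user "None" beats group
    User("dave", mfa=EMAIL, group="finance"),  # user "Email" beats group
    User("erin"),                              # falls through to system
]

if __name__ == "__main__":
    for name, level, overridden in audit(USERS, GROUP_MFA, SYSTEM_MFA):
        print(f"{name}: no 2FA, set at {level}; overrides system: {overridden}")
```
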
To use 2FA, we need the system's email parameters to be correctly configured; otherwise, the user will not be able to receive the emails for authentication.
- We will edit the email settings to proceed with 2FA.
- Open the system menu, go to settings, and select Parameters;
- A side panel will open, where we will select:
;
- In the email settings, we will add the sender email, which is the address that will send the emails;
- Enable the SSL SMTP (Secure Sockets Layer - Simple Mail Transfer Protocol);
- For SMTP Server Port, we recommend using the default port 587, but it can be changed according to user needs;
- In SMTP Server Password, enter the same password used by the user to log in to their email (the one entered in the "sender email" field);
- In SMTP Server, enter an email server (such as Outlook's smtp.office365.com); the client can choose their preferred server;
- In SMTP Server User, enter the email address (same as used in the sender email field) of the user who will send the emails;
- Closing the panel will apply the changes immediately.
We also need to configure 2FA to complete the settings. Therefore, we will choose to configure it through the system, groups, or users. Below is a description of each possible configuration option.
- Open the system menu, go to Access Control, and select Users;
- Select the user for whom the two-factor authentication parameter will be applied and click:
. A side panel will open;
- All fields marked with "*" are mandatory. Pay close attention to the email field, as this is the address to which the authentication link will be sent;
- Click SAVE to close the panel and proceed with the configurations;
- Still in user configuration, in the Explorer, with the user selected, click:
. A side panel will open;
- In the panel, click on the section:
;
- In the parameters section, click on Multifactor Authentication and select None (to not apply authentication to the user) or Email (to activate email authentication from the next login);
- To apply the changes, click APPLY and then SAVE. The panel will close, and on the user's next login attempt, an email will be sent for authentication.
Global groups are groups where we can manage features, object permissions, and global system parameters that are not associated with any application. Groups are named according to user needs. The system only creates the group object; the user must decide whether it will be global or application-specific and name it accordingly.
- Open the system menu, go to Access Control, and select Group;
- Select the global user group to which the two-factor authentication parameter will be applied and click:
. A side panel will open;
- In the
section, click
to select the users to whom you want to apply 2FA;
- Still in the panel, click on the section:
;
- In the parameters section, click on Multifactor Authentication and select None (to not apply authentication to the user group) or Email (to activate email authentication from the next login of each user in the group);
- To apply the changes, click APPLY and then SAVE. The panel will close, and on the next login attempt of any user in the group, an email will be sent for authentication.
- Open the system menu, go to settings, and select Parameters;
- A side panel will open, where we will select:
;
- In the parameters section, click on Multifactor Authentication and select None (to not apply authentication on future logins) or Email (to activate email authentication from the next login for all users in the system);
- Closing the panel will apply the changes immediately.
With the use of Two-Factor Authentication, on the T6 Enterprise login page, after entering the usual username and password, the user will receive a temporary verification link at their registered email address, which must be accessed to confirm identity and grant account access.
Using Two-Factor Authentication:
- On the T6 login page, enter the username and password and click:
;
- The email to which the authentication link was sent will be partially displayed on the screen;
- In your email, there will be a message informing you of the authentication request and a link to confirm the authentication (the authentication link has an expiration time);
- Clicking the link will direct you to a web page with the following message:
;
- After closing the tab with the success message, return to the T6 Enterprise tab. The login will be automatically completed after authentication.
If you did not receive the email with the authentication link, click
;
A message will be displayed instructing the user to check the spam folder, contact the application administrator, or try resending the email. If you choose to resend, you will return to the previous screen.