Two Factor Authentication at the OPAC

In This Topic

Two-Factor Authentication for borrower login at the OPAC was implemented in Spydus 10.8.

There are a few parameters to define, and content to configure, but once set up, 2FA can be turned on or off by the borrower at the point of registration or by updating their details at the OPAC.

This feature requires server version 10.8.2 or higher.

Preliminary configuration

General Parameters

There are three parameters that library staff must set to determine the available delivery methods for 2FA verification codes, and the period that the codes remain valid for.

These OPAC 2FA parameters are found in Maintenance > Circulation > General Parameters, under the OPAC heading.

Ensure that Email & SMS Parameters are configured for the delivery method/s that are set to Yes.

2FA code generation page

When a borrower with 2FA enabled attempts to login at the OPAC, a page will be displayed to prompt delivery of their verification code.

The Two-Factor Authentication section in the OPAC HTML Configurator allows staff to configure the messages on this page, and the masking of borrower details displayed in the page.

2FA message content

The content of the email or SMS message to the borrower that contains the verification code can be customised via the HTML Email & Slips Configurator.

On the Communications tab, under the Borrower Verification Code section, compose the content of the messages.

Click image to enlarge

If a library is using links to HTML communications for SMS notices (requires Spydus 10.5 or later), verification codes will still be delivered as a plain text SMS.

Add 2FA field to borrower registration forms

In order to allow borrowers (and staff via Circulation) to enable or disable 2FA, the required field must be added to the relevant interface. In a default installation or upgrade, the Use 2-factor authentication field will be in the Unassigned frame. Simply drag the field from the unassigned frame, and drop it into the tab and section where it is preferred to sit in the form.

images/2FA_BRWREG_FORM_thumb.png
Click image to enlarge

Circulation Borrower Registration/Edit Registration interface

To add the Use 2-factor authentication field to the Circulation borrower registration form, and edit registration interface, use Maintenance > Circulation > Borrower Registration Parameters.

Online Borrower Registration (OPAC)

To add the Use 2-factor authentication field to the online borrower registration form, use Maintenance > OPAC & Enquiry > Register Online Parameters.

Update Details interface (OPAC)

To add the Use 2-factor authentication field to the OPAC interface where borrowers may update their details, use Maintenance > OPAC & Enquiry > Update Details Parameters.

Enable 2FA for a borrower account

Once all preliminary configuration has been completed, enabling 2FA is a simple matter of checking the Use 2-factor authentication option in the borrower's details. This can at the point of registration, or by editing/updating the borrower's details.

Generate a verification code

Once 2FA has been enabled for a borrower account, the next time login is attempted at the OPAC using the correct username and password, a page will direct the user to select a delivery method for their verification code.

Click image to enlarge

If the borrower does not have the relevant contact detail (mobile phone number or email address) on their account, they will not be able to select that delivery method.

The verification code will be delivered by the selected method, with the content as configured.

Click image to enlarge

The borrower then enters the code at the OPAC...

...and is logged into their account.