Spydus Help
    Two Factor Authentication at the OPAC

    Two-Factor Authentication for borrower login at the OPAC was implemented in Spydus 10.8.

    There are a few parameters to define, and content to configure, but once set up, 2FA can be turned on or off by the borrower at the point of registration or by updating their details at the OPAC.

    This feature requires server version 10.8.2 or higher.  

    Preliminary configuration 

    General Parameters

    There are three parameters that library staff must set to determine the available delivery methods for 2FA verification codes, and the period that the codes remain valid for.

    These OPAC 2FA parameters are found in Maintenance > Circulation > General Parameters, under the OPAC heading.

    Ensure that Email & SMS Parameters are configured for the delivery method/s that are set to Yes.

    2FA code generation page

    When a borrower with 2FA enabled attempts to log in at the OPAC, a page will be displayed to prompt delivery of their verification code.

    The Two-Factor Authentication section in the OPAC HTML Configurator allows staff to configure the messages on this page, and the masking of borrower details displayed in the page.

     

    2FA message content

    The content of the email or SMS message to the borrower that contains the verification code can be customised via the HTML Email & Slips Configurator.

    On the Communications tab, under the Borrower Verification Code section, compose the content of the messages.

    If a library is using links to HTML communications for SMS notices (requires Spydus 10.5 or later), verification codes will still be delivered as a plain text SMS.   

    Add 2FA field to borrower registration forms

    To allow borrowers (and staff via Circulation) to enable or disable 2FA, the required field must be added to the relevant interface. In a default installation or upgrade, the Use 2-factor authentication field will be in the Unassigned frame. Drag the field from the Unassigned frame and drop it into the tab and section of the form where it should appear.

    Circulation Borrower Registration/Edit Registration interface

    To add the Use 2-factor authentication field to the Circulation borrower registration form and the edit registration interface, use Maintenance > Circulation > Borrower Registration Parameters.

    Online Borrower Registration (OPAC)

    To add the Use 2-factor authentication field to the online borrower registration form, use Maintenance > OPAC & Enquiry > Register Online Parameters.

    Update Details interface (OPAC)

    To add the Use 2-factor authentication field to the OPAC interface where borrowers may update their details, use Maintenance > OPAC & Enquiry > Update Details Parameters.

    Enable 2FA for a borrower account

    Once all preliminary configuration has been completed, enabling 2FA is a simple matter of checking the Use 2-factor authentication option in the borrower's details. This can be done at the point of registration, or by editing/updating the borrower's details.

    Generate a verification code

    Once 2FA has been enabled for a borrower account, the next time login is attempted at the OPAC using the correct username and password, a page will direct the user to select a delivery method for their verification code.

    If the borrower does not have the relevant contact detail (mobile phone number or email address) on their account, they will not be able to select that delivery method. 

    The verification code will be delivered by the selected method, with the content as configured.

    The borrower then enters the code at the OPAC and is logged into their account.