Two-Factor Authentication

You can enable Two-Factor Authentication in Exchange Reporter Plus to secure all logins. Exchange Reporter Plus supports five modes of authentication. You can choose one or more methods that work best for you; if you configure multiple login modes, the technician is given the liberty to choose one method from the list. To enable Two-Factor Authentication:

  1. Go to the Settings tab.
  2. Navigate to Admin → Utilities → Two-Factor Authentication.
  3. Click the button corresponding to Two-Factor Authentication to enable this feature.
Note: You can also disable this feature for all technicians at any point of time using the same steps. Click the same button again to disable it.

Two-Factor Authentication settings

Supported authentication methods

Exchange Reporter Plus supports the following authentication methods:

Email Verification

Technicians can receive verification codes from Exchange Reporter Plus via email, which they can enter to log in to the product. To enable the Email Verification method:

  1. Go to the Email Verification drop-down.
  2. Select Enable Email Verification.
  3. Modify the Subject and Message content as required.
  4. You can also attach other attributes, like username or codes, to the message by clicking the Macros option in the bottom-right corner.
  5. Click Save.
Note: This setting fetches values from the already configured email server in Exchange Reporter Plus. If you haven’t already configured an email server, you can click the Configure Now option corresponding to Email Verification to add email server details.

SMS Verification

Technicians can also receive verification codes from Exchange Reporter Plus via SMS. To enable the SMS Verification method:

  1. Go to the SMS Verification drop-down.
  2. Select Enable SMS Verification.
  3. Modify the Message content as required.
  4. Note: Please note that if the message exceeds 160 characters, the notification will be dispatched in two or more text messages.
  5. You can also attach other attributes, like username or codes, to the message by clicking the Macros option in the bottom-right corner.
  6. Click Save.
Note: This setting fetches values from the already configured SMS server in Exchange Reporter Plus. If you haven’t already configured an SMS server, you can click the Configure Now option corresponding to SMS Verification to add SMS server details.

Google Authenticator

If your organization uses Google Authenticator for security purposes, Exchange Reporter Plus supports that too. To enable the Google Authenticator method for verification:

  1. Go to the Google Authenticator drop-down.
  2. Select Enable Google Authenticator.

Duo Security

If your organization uses Duo Security for two-factor authentication, it can be integrated with Exchange Reporter Plus to secure logins. Users can approve a push notification or enter the six-digit security code generated by the Duo mobile app to log in to Exchange Reporter Plus. Authentication via Duo Security can be configured in two ways in Exchange Reporter Plus: Web v2 SDK and Web v4 SDK.

Web v2 SDK uses a traditional Duo prompt, which will be displayed in an iframe in Exchange Reporter Plus, whereas Web v4 SDK uses Duo's OIDC-based Universal Prompt with a redesigned UI that redirects users to Duo for authentication.

Note: Duo Security has phased out Web v2 SDK, so it is recommended to switch to Web v4 SDK.

Prerequisite:

Web v4 SDK configuration steps

Note: For secure Web v4 SDK authentication, a secure connection (HTTPS) is required. To ensure Duo authentication works properly, please avoid accessing the product using its IP address.

  1. Log in to your Duo Security account (e.g., https://admin-325d33c0.duosecurity.com) or sign up for a new account and log in.
  2. Go to Applications and click Protect an Application.
  3. Two-Factor Authentication Duo Security

  4. Search for Web SDK and click Protect.
  5. Two-Factor Authentication Duo Security

  6. Copy the Client ID, Client Secret, and API Host Name values.
  7. In Exchange Reporter Plus, navigate to Settings > Admin > Utilities > Two-Factor Authentication.
  8. Check the Enable Duo Security box and select Web v4 SDK for the Integration Type.
  9. Paste the Client ID, Client Secret, and API Host Name obtained from the Duo Admin Panel in the respective fields.
  10. Enter the same username pattern used in Duo Security in the Username Pattern field.
  11. Click Save.
  12. Two-Factor Authentication Duo Security

Web v2 SDK configuration steps

  1. Log in to your Duo Security account (e.g., https://admin-325d33c0.duosecurity.com) or sign up for a new account and log in.
  2. Go to Applications and click Protect an Application.
  3. Two-Factor Authentication Duo Security

  4. Search for Web SDK and click Protect.
  5. Two-Factor Authentication Duo Security

  6. Copy the Integration key, Secret key, and API hostname values.
  7. Two-Factor Authentication Duo Security

  8. In Exchange Reporter Plus, navigate to Settings > Admin > Utilities > Two-Factor Authentication.
  9. Check the Enable Duo Security box and select Web v2 SDK for the Integration Type.
  10. Paste the Integration Key, Secret Key, and API Host Name obtained from the Duo Admin Panel in the respective fields.
  11. Enter the same username pattern used in Duo Security in the Username Pattern field.
  12. Click Save.
  13. Two-Factor Authentication Duo Security

Note: If an enrolled user is deleted in Duo Security, it is mandatory to also remove the user's enrollment in Exchange Reporter Plus and reconfigure it.

Steps to migrate to the new Universal Prompt

  1. In the Duo Admin Panel, select the Web SDK application, which was previously configured for Exchange Reporter Plus, and copy the Integration key, Secret key, and API hostname values.
  2. Scroll down to the Universal Prompt section. The App Update Ready message will be displayed, indicating that Universal Prompt can now be activated for Exchange Reporter Plus.
  3. Steps to migrate to the new Universal Prompt

  4. In Exchange Reporter Plus, navigate to Settings > Admin > Utilities > Two-Factor Authentication > Duo Security.
  5. Click Web v4 SDK and paste the Integration key, Secret key, and API hostname values in the Client ID, Client Secret, and API Host Name fields respectively.
  6. Once the Web v4 SDK is configured in Exchange Reporter Plus and a user authenticates through the frameless Duo v4 SDK, the App Update Ready message in Duo Admin Panel will be updated and the New Prompt Ready message will be displayed.
  7. Steps to migrate to the new Universal Prompt

  8. Select Show new Universal Prompt to activate the Universal Prompt for Exchange Reporter Plus.

RADIUS Authentication

When RADIUS Authentication is enabled, end users can use their username and password in the RADIUS server to log in to Exchange Reporter Plus. To enable the RADIUS Authentication method for Exchange Reporter Plus:

  1. Go to the RADIUS Authentication drop-down.
  2. Select Enable RADIUS Authentication.
  3. Enter the Server Name or IP Address and Server Port.
  4. Note: By default, the server port used is 1812.
  5. Enter the Authentication Scheme, Secret Key, and Username Pattern for your RADIUS server.
  6. You can also choose a Request Time Out value for the server if you prefer.
  7. Click Save.
Note: When high availability is enabled, please add Exchange Reporter Plus' virtual IP address in the RADIUS server client machine.

Other features

Once the Two-Factor Authentication settings are configured, technicians will be prompted to enter the necessary credentials for a second mode of authentication at the next login.

Two-Factor Authentication login window

On choosing the Trust this browser option, a technician will not be prompted to enter credentials related to the second authentication factor for the next 180 days while accessing Exchange Reporter Plus from the same browser.

Reset two-factor authentication enrollment

If you have lost your authentication device or cannot retrieve the verification code required to complete authentication, you can reset the secondary factor in two-factor authentication for the default admin account using this option.

Note: Authentication factor reset can be done only for the default admin account.

To reset the authentication factor:

  1. Navigate to the <installation directory>\bin folder. By default, the installation path is C:\Program Files\ManageEngine\Exchange Reporter Plus\bin.
  2. Click and run the resetAdminTFAEnrollment.bat file available under this path.
  3. Restart Exchange Reporter Plus.
  4. You can now re-enroll for the secondary authentication factor by logging in to Exchange Reporter Plus and following the steps mentioned above on this page.

Copyright © 2024, ZOHO Corp. All Rights Reserved.