A central part of Cerby’s platform is its ability to support various forms of two-factor authentication in a team-sharable format. This section covers which forms of two-factor authentication Cerby supports as well as how Cerby prioritizes each form.
Supported forms of Two-Factor Authentication
Cerby supports four forms of Two-Factor Authentication. They are as follows, ranked by most secure and preferred to least secure and preferred:
Machined-Generated Authentication Codes: Six digit authentication codes that are computed based on an authentication code (or One Time Password) seed. Cerby computes these codes based on server time, ensuring they are always accurate.
[Coming Soon] Email-based Authentication Codes: Six digit authentication codes which are distributed by the application account over email.
[Coming Soon] VOIP-based Authentication Codes: Six digit authentication codes which are distributed by the application account over a VOIP-based phone number.
[Coming Soon] Physical SIM-based Authentication Codes: Six digit authentication codes which are distributed by the application account over a real, physical SIM-based phone number. This option is necessary for services which do not allow VOIP-based phone numbers.
How to onboard Two-Factor Authentication
As part of adding an account to your Cerby workspace, or clicking into the Configure section of each account, you have the ability to automatically onboard and offboard Two-Factor authentication for a Managed Application. For Unmanaged Applications, you must onboard and offboard Two-Factor Authentication manually, using Cerby’s mobile application.
Automated Two-Factor Authentication Onboarding and Offboarding
You can automatically onboard Two-Factor Authentication for Managed Applications in two locations:
During Add Account Process
Click on Add Account from the central Cerby dashboard.
In the second step of this process, toggle on the option for Add a second layer of protection. Once you have toggled this option on, Cerby will do the rest and notify you via email when done.
In General Tab of Account Configuration
Click on the More (...) option in the central Cerby dashboard for any Managed Application account tile.
In the General tab, toggle on and off the Add a second layer of protection.
Once you have toggled this option on or off, Cerby will do the rest and notify you via email when done.
Manual Two-Factor Authentication Onboarding and Offboarding
For Unmanaged Applications, the end user must follow the application specific instructions for configuration of Two-Factor Authentication. Currently, Cerby only supports machine generated authentication codes. In order to onboard machine generated Two-Factor Authentication, you must:
Add an account from the central Cerby dashboard.
Install the Cerby mobile application, login to your account, and access the added account from within the Cerby mobile account listing view.
Click on the account in question and click on Scan Code on the following screen.
If the Unmanaged Application account does not support QR code scanning, click on Can’t scan the QR code?.
In the following screen, enter in the Authentication Code secret and click on Save Secret.
The machine generated Two-Factor option will now be available to all users of the account.
Configuring Autofill of Two-Factor Authentication Codes
The Cerby platform provides three modes for insertion of Authentication codes. They are:
Cerby challenge: By default, Cerby will issue an identity challenge to your Cerby mobile application each time you attempt to access an account’s authentication code for Managed Applications.
Autofill: Under the More (...) > General tab, you can toggle the Have Cerby Autofill the 2FA option on and off. In this mode, Cerby will automatically insert the authentication code based on a valid session with your Identity Provider.
Manual insertion: If either option above fails, you can click on the Cerby icon within the Authentication Code field and do a manual insertion of the code by selecting the right account and field (e.g., Authentication Code) within the Cerby field manager menu.