Authy app-based verification
This article explains how to set up two-step verification using the Authy application.
Requirements
Twilio account
Create a Twilio account if you do not have one.
Note: the Authy app-based application is a paid service from Twilio. Check the Authy Pricing page.
Create Authy application
Navigate to the Authy Applications page in the Twilio Console.
If you do not have an Authy application yet, click the Get Started button to create one.
The Build With Authy page is displayed.
You need to complete at least the first two steps:
- Verify a phone number
- Create an application and get your API credentials.
Click the Verify Phone Number button.
Next, specify the country and the phone number. Click the Text me button.
Check text messages on your phone. You should get the Twilio code. Enter the code into the Verification code field and click the Verify button.
When you enter the correct code, you will see a message confirming that the phone number was verified. Click the Return to Console button.
The browser returns to the Build With Authy page. Once you confirm your phone number, the next step is to create an Authy application if you do not already have one. Specify the name for the new Authy application and click the Create Application button.
The new Authy application is created.
Navigate to the Authy Applications page, locate the newly created Authy application and click its name.
In the Overview page, click the Settings link.
Locate the Production API Key on the General Settings page. Click the eye icon to view the API Key and copy it. This API Key is required in the next steps.
Set up Authy app-based verification
The Authy app-based verification settings page is available from the Admin Console.
In the MiaRec Web portal, go to the Administration > User Authentication > 2-Step Verification page.
Click the Configure link for the Authy app-based verification setting.
- Select the Enable checkbox.
- Specify the Authy API Key copied in the previous step.
- Change the default Authy Message if desired. This message is shown to users in the Authy application.
- Configure Status Callback as desired. See below for information.
- Press the Save button.
[Optional] Enable Status Callback
If the Status Callback is Disabled, the MiaRec Web portal polls for the status of Authy Push Authentication requests.
If the Status Callback is Enabled, the Authy Webhooks API is used to notify the MiaRec Web portal of the status of the Push Authentication request.
In this case, you need to configure the Webhook URL on the Authy Application Push Authentication settings page. Your MiaRec Web portal must be accessible from the Internet for this use case.
First, you need to locate the proper callback URL. In the MiaRec Web portal, go to the Administration > User Authentication > 2-Step Verification page. Find the Callback URL under the Authy app-based verification section.
If your Web portal URL is not configured yet, click the Change Web portal URL link to edit the Web portal URL. Remember or copy the Callback URL.
In Twilio Console, navigate to the Authy Application Settings page. Click the Push Authentication link to open the required settings page.
Put the Callback URL into the ENDPOINT/URL field. Leave the method set to “HTTP POST”. Click the Save button.
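Because the Callback URL must be reachable from the Internet, a receiver has to distinguish a genuine Authy callback from a forged POST. The following is an added example, not MiaRec or Twilio code: it sketches the check based on Twilio's documented callback signing (the X-Authy-Signature and X-Authy-Signature-Nonce headers, HMAC-SHA256 keyed with the application API key). The parameter flattening and encoding, the sample key, nonce, URL and body are assumptions constructed for illustration and should be checked against Twilio's current documentation.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode


def flatten(value, prefix=""):
    """Flatten a JSON body into (key, value) pairs, nested keys as a[b]."""
    if isinstance(value, dict):
        return [pair for k, v in value.items()
                for pair in flatten(v, f"{prefix}[{k}]" if prefix else str(k))]
    if isinstance(value, list):
        return [pair for v in value for pair in flatten(v, f"{prefix}[]")]
    if isinstance(value, bool):
        return [(prefix, "true" if value else "false")]
    return [(prefix, "" if value is None else str(value))]


def expected_signature(api_key, nonce, method, url, params):
    """Base64 HMAC-SHA256 over nonce|METHOD|url|sorted params (assumed encoding)."""
    query = urlencode(sorted(flatten(params)))  # case-sensitive sort by key
    message = "|".join([nonce, method.upper(), url, query])
    mac = hmac.new(api_key.encode(), message.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def is_authentic(api_key, headers, method, url, params):
    """Reject callbacks with missing headers or a signature that does not match."""
    nonce = headers.get("X-Authy-Signature-Nonce")
    received = headers.get("X-Authy-Signature")
    if not nonce or not received:
        return False
    expected = expected_signature(api_key, nonce, method, url, params)
    return hmac.compare_digest(expected, received)  # constant-time comparison


# Constructed sample values, not real credentials or a real callback.
API_KEY = "EXAMPLE-AUTHY-API-KEY"
URL = "https://portal.example.com/authy/callback"  # placeholder Callback URL
BODY = {"uuid": "00000000-0000-0000-0000-000000000000", "status": "approved",
        "approval_request": {"transaction": {"message": "Login request"}}}
HEADERS = {"X-Authy-Signature-Nonce": "1700000000",
           "X-Authy-Signature": expected_signature(
               API_KEY, "1700000000", "POST", URL, BODY)}

if __name__ == "__main__":
    print("genuine callback:", is_authentic(API_KEY, HEADERS, "POST", URL, BODY))
    tampered = {**BODY, "status": "denied"}
    print("tampered body:", is_authentic(API_KEY, HEADERS, "POST", URL, tampered))
```

The signing secret here is the same Production API Key copied from the Twilio Console, so anyone who obtains that key can forge callbacks as well as call the API.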
Test connection
In the MiaRec Web portal, go to the Administration > User Authentication > 2-Step Verification page.
Click the Test connection link.
The Authy app-based verification form opens.
- Specify your country code, phone number, and email. You should have the Authy application set up on your device. The specified phone number should be set up as an Authy secure account.
- Click the Test connection button.
Two alerts should appear at the top of the form. One confirms that the request was sent (“Authy request is sent successfully to your device”). The other indicates that approval is pending (“Waiting for an approval. Please approve on your device”).
You should receive an Authy Push Authentication request on your device. Click the Approve button on it.
When the authentication request is approved, the second alert should be replaced with “Authy request is approved successfully on your device”, signaling that it works.