Two-factor authentication

This new functionality allows to add a new additional security layer to complement the use of user/password or certificate for access to XolidoSign Corporate service.

This two-factor is a PIN by SMS and only works for XolidoSign Corporate services that have configured a SMS gateway.

There are three possible options:

• Never ask for the two-factor authentication.
• Request it every time you restart the browser (not only exit XolidoSign Corporate application, you have to restart the browser).
• Every X days: Between 1 and 90 days. Indicate every how many days you want the user to authenticate with double authentication factor.

When the two-factor authentication is activated with the last two options, once the user is authenticated with a certificate or login/password, a new form will appear asking for the PIN that will have been sent by SMS to his or her mobile.

NOTE: In order to use the double authentication factor, in addition to having contracted an SMS gateway, the user must have configured a mobile phone in his/her profile to which the PIN will be sent.

Configure it from the administration area: Configuration > Access policy > Force two-factor authentication.