Pleven
Pleven is a Web Application Security (WAS) plug-in that works directly within Workcube, in the layer architecture, and controls the security and system health of businesses using Workcube. Pleven is used for filtering: it filters requests and attacks from outside and inside. A standard is determined for the filtering process and a security layer is created in accordance with this standard.
Path: Control Panel > System > Dev Tools > Pleven
What is OTP?
In today's world where digital security is critical, one-time passwords have an important place. OTP is a password that is valid only once and is used in users' authentication processes.
How does OTP work?
An OTP is usually delivered to the user via an app, SMS, email, or a time-based password generator. The user authenticates by using this password within a certain period of time. Since a new OTP is created for each session, it cannot be reused.
What are the advantages of OTP?
- Security: OTPs are more secure than fixed passwords because they are unique for each login.
- Convenience: Users receive a new password each time, so the risk of forgetting it or having it stolen is reduced.
- Flexibility: Can be sent through many different channels (SMS, e-mail, application).
Where is OTP used?
- Banking: Internet banking transactions
- E-commerce: Payment transactions
- Enterprise Systems: Employee login and data access
OTPs provide a powerful solution for securing users' accounts and information. With the advancement of technology, the use of OTP is becoming increasingly widespread and increases security in the digital world.
What is Plevne 2-Factor Authentication?
Workcube verifies you in a second stage using the OTP method after you enter your password at login. This can be done either via SMS, in OTP form, or with Authenticator applications in TOTP form, which let you generate your own time-based password.
To use OTP, set the ENABLE_MFA value to 1 on the Pleven Settings screen and save it with its status set to active.
Then write the Key value or values for the OTP methods you allow in your system into the MFA_TYPES field, separated by commas, and save it with its status set to active.
The OTP methods and Keys you can use are shown below.
| Key | Description |
|---|---|
| 1 | SMS |
| 2 | Authentication with Authenticator applications (Google Authenticator, Microsoft Authenticator etc.) |
After doing this, click the "Restart Plevne" link at the bottom of the settings page.
If you want to require your users to use MFA, you must give the MFA_FORCE field a value of 1.
After logging in, users can access the Pleven MFA screen under "User Menu". If the MFA_FORCE option is marked as 1, the user is directed to the MFA configuration screen after the first login.
User configuration instructions
When you first enter the Plevne MFA screen, if you have not configured it before, the screen will appear in its initial, unconfigured state.
On this screen, select one of the methods you can use from the MFA Type field.
If you have selected the "Control via SMS" option, fill in your Mobile Phone information on the right side of the screen or check its accuracy. Otherwise, SMS will not be sent and you will not be able to access the system.
If you have selected the Google Authenticator option, you may encounter one of the following scenarios:
- No e-mail address has been entered in your employee card: In this case, enter your e-mail address in the field on the right of the screen and exit with the TAB key (or click on any empty area of the screen). When your change is detected, the "Update" button will appear and allow you to update your e-mail address. As a result of this process, the QR code appears on the screen.
- The e-mail address on your employee card was entered incorrectly: In this case, enter your correct e-mail address in the field on the right of the screen and exit with the TAB key (or click on any empty area of the screen). When your change is detected, the "Update" button will appear and allow you to update your e-mail address. As a result of this process, a QR code will be generated and displayed according to your new e-mail information.
- Your e-mail address has already been entered in your employee card: In this case, your QR code will appear on your screen.
After performing one of these operations, scan the QR code with the Google Authenticator application and make sure that it is added to the application. Then save the changes by clicking the "Save" button on the left side of the screen. When you log in, you will be asked for the code generated on Google Authenticator.
Technical information
- Plevne MFA requires at least Java 16.
- After obtaining the current version, the application server (such as Adobe CF or Lucee) must be restarted so that the Java libraries used by Plevne MFA become active.
- To be able to use SMS verification, you must configure an SMS provider running on Workcube.
- To be able to confirm with TOTP, the Google Authenticator application (or a similar application that supports TOTP) must be installed on the mobile phone and camera access permission must be granted.
- In order to confirm with TOTP, the server time must be current and in accordance with the local time zone.
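Why the server clock matters for TOTP, shown as an added example (not Plevne's own code): it implements the RFC 6238 calculation that Authenticator applications perform from Unix (UTC) time, plus a server-side check with a tolerance window. The sample secret, issuer name, e-mail address, function names, window size and the use of the e-mail as the QR label are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

STEP, DIGITS = 30, 6   # Google Authenticator defaults: 30 s steps, 6 digits
# Constructed sample secret: the RFC 4226/6238 test key "12345678901234567890" in Base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time):
    """RFC 6238 TOTP (HMAC-SHA1) for the step containing unix_time (UTC seconds)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, server_time, window=1):
    """Accept a code from the server's current step or `window` steps either side."""
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        ok |= hmac.compare_digest(expected, submitted)   # constant-time compare
    return ok

def provisioning_uri(secret_b32, email, issuer="ExampleIssuer"):
    """otpauth:// text a QR code carries; label and issuer here are assumptions."""
    label = f"{quote(issuer)}:{quote(email)}"
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

if __name__ == "__main__":
    phone_time = 59                       # phone clock, Unix seconds
    code = totp(SECRET, phone_time)       # what the app displays
    print(provisioning_uri(SECRET, "user@example.com"))
    print("server in sync:   ", verify(SECRET, code, 59))
    print("server 2 s ahead: ", verify(SECRET, code, 61))         # next step, within window
    print("server 210 s fast:", verify(SECRET, code, 59 + 210))   # outside window, rejected
```

A server whose clock has drifted by more than the window rejects every valid code, which looks to users like a wrong code rather than a time problem, so time synchronisation on the server is worth checking first when TOTP logins fail.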
Feedback
Pleven is used to select SMS or Google authenticator for two-factor authentication.