We offer a new security feature in Cangooroo, so that it is possible to require the user to login in two steps with Google Authenticator.
With 2-step verification, also known as two-factor authentication, you add an extra layer of security to your Cangooroo. After configuring this feature, registered users will log in in two steps using:
- something the user knows (the password itself);
- something that the user has, like the smartphone or a security key.
The functionality can be configured for operator, base and agency users. It is worth mentioning that this type of security feature cannot be used in API users. The configuration is optional and must be done by the Operator, obeying the following rules:
| Operator | Agency | Behavior |
Active | Active | Active |
Inactive | Active | Inactive |
Inactive | Inactive | Inactive |
Active | Inactive | Inactive |
- Active Behavior: ask for the GA app code
- Idle Behavior: don't ask for the GA app code
In other words, for the resource to work, the configuration must be done both at the Operator's Cangooroo and at the agency's.
After hiring the functionality from our Commercial sector, to make it active, at the Operator's Cangooroo, access the "Registration" menu and, in the "Operator" field, click "Setting". At the bottom of the page, enable the “Enable Google Authenticator” feature:
To set up at the agency, access the “Registration” menu and, in the “Client” field, click on “B2B (Agencies)”.
Select the agency you want to deploy 2-step verification on and click the edit icon 
:
At the end of the agency's registration page, leave the “Enable Google Authenticator” field active:
When Behavior is "Active" the system will require the user to enter the code generated with Google Authenticator at the time of login to Cangooroo. Likewise, when the user wants to change the registration data for himself or for the agency, he must inform the GA code.
For cases where the behavior is active and the user does not have a GA token, we will follow the following flow:
- Upon login, the system will inform you that a link has been sent to the user's email:
- In the email, the user will receive a link to open the QR Code:
- In the link sent to the email, the user should see a field to enter their password and click on "Step 2":
- Then, the QR Code will be displayed for reading in the mobile application. Just enter the generated code to end the user's association with GA.
It is important to make it clear that the link sent by email remains valid for a maximum of 30 minutes.
Are you interested in activating the 2-step verification module on your Cangooroo? Contact our Commercial department by e-mail [email protected].