Dual Factor Authentication User Info

The Dual Factor Authentication User Info (DFAINFO) page allows the update to the phone number and email address that is used if Dual Factor Authentication (DFA) is enabled for your site. This information can also be updated by an authorized system administrator via the DFA User Information fields on the User Information page (see that page for field definitions).

When this feature is enabled (that is, EnableDualFactorAuthentication=true in the Adv30Params.ini file) and the User ID and password are successfully authenticated on the Login page for a particular user, the system navigates the user to a new screen to provide the preferred choice for sending the token. If a preference is not selected, then the default preference specified for the DualFactorAuthType parameter in the Adv30Params.ini file is used. After clicking Send on the Sign In Verification page, the token is sent to the registered email/phone number and an Access Code field appears, which allows the user to enter the token received via email/text. A message with a countdown timer appears beneath the Access Code field. The Access Code must be entered before the timer reaches 0:00. The Resend button can be used to send a new token to the email/phone number selected on the previous screen. The timer starts over when the Resend button is selected. Once the Access Code is entered, the user clicks the Verify button to login to the system.

Both email address and phone number are displayed masked in the DFA Sign In Verification window. Email address is masked based on following:

  • If email address length is more than 2 characters, the system displays all characters masked with an asterisk sign except for the first and last characters before the @ sign as well as the domain portion. Example: example@cgi.com is displayed as e*****e@cgi.com.

  • If email address length is a single character, the character is displayed with an asterisk sign (masked). Example: e@cgi.com is displayed as *@cgi.com.

  • If email address length is 2 characters, then both characters are displayed masked. Example: ad@cgi.com is displayed as **@cgi.com.

For phone numbers, only the last 4 digits are displayed to the user and the rest of the digits/numbers are displayed as masked.

Note: If the token is invalid or if it is expired, the system will not allow the user to login to the system. The user must click the Resend button on the validation screen to resend the token. Refer to the CGI Advantage DFA Configuration Guide to configure the Dual-Factor Authentication feature.