Two Factor Authentication (2FA) for DotNetNuke (DNN) using Duo Push Notifications | Secure DNN Login

1. Download the package for DotNetNuke Two Factor Authentication Provider (2FA).

2. Upload the installation package dnn-two-factor-authentication-provider_xxx_install by going in Settings > Extension > Install Extension.

3. Now under the Installed extensions tab select Authentication Systems. Here you can see the miniOrange DNN 2FA Authentication Provider.

4. You have finished with the installation of the 2FA Authentication Provider on your DNN site.

• Click on the pencil icon, as mentioned in the image below, to configure the DNN 2FA Authentication Provider.

• Navigate to the Site Settings tab to configure DNN 2FA.

• Log in to the DNN 2FA plugin to access the admin dashboard using your miniOrange account under which the license is purchased.
• Log in to https://portal.miniorange.com/ using your registered account credentials. After logging in, you can find your license key on the Dashboard.
• Enter the license key in the License Key field and click on the Activate License button.

• Enable the 2FA for End Users toggle button.

• To enable 2FA for admin you need to check the Enable 2FA for Admins checkbox.

• To enable 2FA for AD Authentication click on DNN AD Login under Advanced Settings tab and select AD Login.

• Under Configuration tab click on Push Notification

• If you do not have a Duo account, please click here to create an account.

• After signup, please login into the Duo portal.

• Go to the Applications option on the left side menu and click on the Protect an Application submenu.

• Search for Auth API and click on the Protect button.

• You have successfully created the Auth API to the protected applications.

• Now copy the Integration Key, Client Secret and API Hostname to configure the Duo Push Notification in the 2FA plugin.

• Enter the Client ID which is same as Integration Key, Client Secret and API hostname and Click on Save button

• Now, click on the Configure button.

• After clicking the Configure button, if your account doesn't exist in Duo, you will be required to Enroll.

• After clicking on Enroll, you will be prompted to set up your account on Duo Security.

• Click on the Get started button.

• Select the country code and enter your phone number.

• Then click on the Continue button.

• Select the Duo Mobile option.

• Scan the QR from the Duo mobile app.

• You have successfully set up Duo Authenticator and completed the first step of the process.

Test Duo Authenticator / Push Notification

• Click on Test Push Notification button. You will receive a Duo push notification on your mobile app.

• After approving the push notifications, the method will be configured and can be enabled for the end user.

• To enable the method for end user click on the toggle button.

Advanced Settings

If you want to apply Advanced Settings, navigate to the Advanced Settings tab.

Role Based 2FA

• This feature allows administrators to enforce Two-Factor Authentication for specific user roles in the DNN portal.
• Enable the Role Based 2FA toggle button to activate role-based two-factor authentication.
• If you want to skip 2FA for roles without mapping, enable the "Skip 2FA for the roles without mapping" toggle button.
• Click on the Add Roles button to select and configure the roles for which you want to enforce 2FA.

• From the Select Role dropdown, choose the role for which you want to enable 2FA, and from the Select TFA Methods dropdown, select the TFA methods that you want to configure for the selected role.

• After configuring the role and TFA methods, click on the Save button to apply the settings.

Backup Login Method

• This feature allows users to log in using alternative authentication methods in case their primary 2FA method is unavailable.
• Enable the Backup Code toggle button to allow users to log in using backup codes generated for their account.

• When you log in and are prompted for 2FA verification, if the device on which you receive the OTP (e.g., mobile phone) is unavailable, you can click on the 'Forgot your device? Select a backup option to log in' link to use the backup login method.

• Select 'Use Backup Code' to authenticate if your primary 2FA method is not accessible.

• You can find your backup codes under the 'Backup Codes' tab. Each code can be used only once.

• Enter the backup code in the provided field and click 'Verify' to complete the authentication process.

Custom Email Gateway

• This feature allows you to use your own configured email gateway (SMTP settings) to send OTPs for email-based authentication.
• Enable the Custom Email Gateway toggle button to start using your configured email gateway for sending OTPs.

• Go to Settings → Servers in your DNN portal.

• Navigate to the Server Settings tab, select Basic under SMTP Authentication, and configure the required details such as SMTP Server, Port, Username, Password, and Host Email.

• Click on Test SMTP Settings to verify the configuration, and then click Save.
• If you want to customize the branding or message for the email gateway, you can follow the below steps.

Trust Device(Remember Me)

• This feature allows users to mark their device as trusted so they can skip 2FA verification for a specified period on that device.
• Enable the Trust Device toggle button and set the Trust Duration (Days) for how long the device should be remembered.
• Enable the Ask 2FA on browser change checkbox to prompt 2FA when users log in from a different browser, and click on Save Settings to apply the changes.
• If unchecked, 2FA will not be asked on browser change, and users can continue without additional verification.

• When the end user logs in, they will be prompted with a “Trust this device” option, where they can choose Yes to skip 2FA on that device for the specified duration or No to continue with regular verification.

Setup Grace Period

• Setup Grace Period gives users limited attempts or time to set up 2FA. During this, they can log in without completing 2FA.
• Turn on the Setup Grace Period toggle, then choose Setup no. of attempts (number of login attempts allowed to set up 2FA) or Setup Time Period (time duration to complete the setup), enter the value, and click Save.

• When end users log in, they will see the 2FA setup prompt with a “Skip for now” option.
• This option will be shown based on the configured grace period, meaning it will appear for the defined number of attempts or within the set time duration.

Customization

If you want to customize the 2FA experience, you can use the Customization section to update elements like logo, brand name, message, and styling.

Brand Logo Customization

• By default, the miniOrange logo is selected. If you want to use your own logo, click on Choose File and upload it.
• Alternatively, you can enter the logo URL in the given field and click on the Save button.
• If you want to revert the changes, click on the Reset to Default button.

Brand Name Customization

• Enter your desired brand name in the field and click on the Save button. This name will be displayed in the authenticator app during the 2FA process.

Branding Message for Custom Email Gateway

• Enter your custom email message using placeholders like {{OTP}}, {{EMAIL}}, etc., to dynamically include user and OTP details.
• You can also enter the Email Sender, Sender Name, and Email Subject as per your requirement.
• Click on the Save button to apply the changes.

Branding CSS Customization

• Add your custom CSS in the provided editor to modify the look and feel of elements like logo, buttons, and layout on the 2FA pages.
• You can use the listed CSS selectors (e.g., #logoDisplay, .mo-btn-primary, etc.) to target and style specific components.
• Click on the Save button to apply the changes.