Configure Duo Push Notifications as a 2FA Method in nopCommerce

Overview

nopCommerce Two Factor Authentication (2FA) provides the ability to add an extra layer of security to the default nopCommerce login process. Duo Push Notification is a secure and seamless authentication method that sends a push request directly to the user’s registered device through the Duo Mobile app. Users can simply approve the request with a single tap, making the authentication process faster, more convenient, and highly resistant to phishing or credential-based attacks. Our nopCommerce Two Factor Authentication (2FA) plugin supports multiple authentication methods, including Google Authenticator, Microsoft Authenticator, OTP over SMS, OTP over Email, Duo Push Notification, and more.

Pre-requisites : Download And Installation

• Download the nopCommerce Two-Factor Authentication (2FA) plugin.
• To install the plugin, login as admin into your nopCommerce site or store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.

• On the top right corner of the page select the Upload plugin or theme button to upload the downloaded plugin zip.

Configure Duo Push Notifications

• Click on the Configure button under the Push Notifications to proceed with setting up Duo Push 2FA.

• If you do not have a Duo account, please click here to create an account.
• After signup, please login into the Duo portal.
• Go to the Applications option on the left side menu and click on the Applications submenu.

• Search for “Auth API” and click on it.

• Now copy the Integration Key, Client Secret and API Hostname to configure the Duo Push Notification in the 2FA plugin.

• Enter the Integration Key, Client Secret and API hostname and Click on Save button

• Now, click on the Configure button.

• After clicking the Configure button, if your account doesn't exist in Duo, you will be required to Enroll.

Enrollment steps

• After clicking on Enroll, you will be prompted to set up your account on Duo Security.
• Click on the Get started button.

• Select the Duo Mobile option.

• Select the country code and enter your phone number.
• Then click on the Continue button.

• Verify your phone number. If it's correct, click “Yes, it’s correct”. If not, click “No, I need to change it.”

• Click “Send me a passcode” to receive a 2FA code.

• Enter the 6-digit code received and click “Verify”. If you didn’t get the code, click “Send a new passcode” to get another one.

• Scan the QR from the Duo mobile app.

• You have successfully set up Duo Authenticator and completed the first step of the process.

• Click on Send Push Notification button. You will receive a Duo push notification on your mobile app.

• After approving the push notifications, the method will be configured and can be enabled for the end user.
• To enable the method for end user click on the inactive toggle button.

• After completing the Duo Push Notification setup, enable two-factor authentication for your users as shown in the image below.

• If you want to enforce 2FA for the administrator account as well, simply check the “Enable 2FA for Admins” checkbox.

Test Duo Push Notification on nopCommerce Login

• Login into your nopCommerce store.

• When the end user logs in, the Secure your account page will be displayed. Click Next to proceed with the setup.

• On the Setup 2FA page, click the Set Up button to continue.

• If your account is not registered with Duo, Click "Enroll" and follow the steps mentioned above to enroll your account.
• Once enrolled, click "Send Push Notification" to receive a notification on your Duo mobile app.

• If your account already exists in Duo, Click on the "Send Push Notification" button.

• Approve or deny the push notification received on your Duo mobile app to complete the 2FA setup.

• Note: After approving the Push on your device, the user will get logged in your nopCommerce Store.

Related Articles

• Two Factor Authentication (2FA) for ASP.NET
• Two Factor Authentication (2FA) for nopCommerce
• Two Factor Authentication (2FA) for Umbraco