Administrator: Provide multi-factor authentication

Authorization for the configuration

Multi-factor authentication can only be configured by the administrator - i.e. by users who are members of the "Administrators" user group.

Configuration of multi-factor authentication

In the Portal Manager, multi-factor authentication is set up in the "Portal properties". It can be configured and activated there in the "Security" area. All services are deactivated by default.

The following methods can be activated:

Authentication app (QR code)

The authentication app is preferred because it can be used on any end device.

Only the name of the issuer is stored in the configuration of the authentication app. This is pre-assigned with the portal name that is defined in the portal properties in the "General" area.

The issuer is displayed in the authentication app:

Once the configuration is complete, the service can be activated by activating the checkbox and made available to the portal user.

SMS

Multi-factor authentication by SMS notification can be used if there are portal users who have a smartphone.

Please note that an account must be created with "seven.io"(www.seven.io/de) for the SMS configuration. In the "seven.io" section you will find information about the provider as well as step-by-step instructions. The connection of alternative services can be found in the section "Integration of alternative messaging providers". You are also welcome to request support from our consultants (consulting@intrexx.com).

Structure of the SMS

To activate the SMS, the following information must be defined using the "Configure" button:

  • Provider*: the provider is preset and cannot be changed

  • API-Key*: Store the required data of your SMS provider (e.g. messaging provider seven.io) in the Intrexx login information store.

  • Name of the sender: is described with 11 characters. If the sender's name is not stored, the phone number is used.

  • Message*: At least the placeholder for the verification code must be entered in the message

*Mandatory fields

API key

When using the API key, you access the secure login information store in Intrexx. In the list, you can select an existing entry from the login information memory.

Click on "Select login information" to open the dialog for the login information store.

By clicking on "Add login information" you can add a new entry with the API of your SMS provider. Assign a unique name and enter the provider's API key in the "Password" field. Enter a description.

Accept the API key from the login information memory with "OK".

Name of the sender

The sender's name can be described with a maximum of 11 characters.

Message

Placeholders can be inserted in the message by clicking on "Add placeholder". At least one placeholder for the verification code is mandatory.

Placeholder

The following placeholders can be used:

Recommended: ${OTPFMT}

Formatted authentication code for SMS message: The code consists of at least six digits and is displayed in groups of three or four (e.g. "123 456" or "1234 5678").

${OTP}

Unformatted authentication code, by default consisting of six decimal digits (e.g. "123456").

${OTPDIGIT[<i>]}

Digit of the authentication code where <i> is the 0-based index of the digit in the authentication code (see example).

${OTPFMTSSML}

Definition for formatted authentication code (digits separated by colon 1:2:3:4:5:6)

${from}

Configured sender name, possibly depending on the selected language.

${timestamp}

Time of message creation in ISO-UTC format. The timestamp is 20 characters long, e.g. "2025-02-25T17:33:30Z".

If the maximum number of characters in an SMS is exceeded (usually 160 characters), providers react differently:

Depending on the provider, either the message is automatically split into several consecutive SMS messages or the message is truncated.

The behavior must be checked individually with the respective provider. The character count within the SMS message dialog is based on the SMS standard of 160 characters.

Best practice example

Verification code at the beginning of the SMS

If the verification code is placed right at the beginning of the text message, the recipient can often recognize it in the preview and use it directly without having to open the message completely:

Example with variables ${OTPDIGIT[<i>]}

In this example, each variable represents a digit of the verification code. Please note that the placeholder is not provided via "Add placeholder".

Multilingualism

The sender and message can be stored in the portal languages in the SMS. Click on "Multilingualism" as usual to enter multilingual texts.

Activation of the configuration

Once the configuration is complete, the service can be activated by activating the checkbox and made available to the portal user.

Voice call

Multi-factor authentication by voice call is used if there are portal users who have a smartphone or a normal phone.

Please note that an account must be created with "seven.io"(www.seven.io/de) to set up the voice call configuration. Please refer to the separate chapter on seven.io. You can request the connection of alternative services via our consulting service (consulting@intrexx.com).

Structure of the voice call

When configuring this service, enter the following information:

  • Provider*: the provider is preset

  • API-Key*: Store the required data of your SMS provider (e.g. seven.io) in the Intrexx login information store.

  • Message*: As in the SMS message, at least the placeholder for the verification code must be entered

*Mandatory fields

API key

When using the API key, you access the secure login information store in Intrexx. In the list, you can select an existing entry from the login information memory.

You will be taken to the login information store dialog, where you can add a new entry with the API of your SMS provider by clicking on "Add login information". Assign a unique name and enter the provider's API key in the "Password" field. Enter a description.

Accept the API key from the login information memory with "OK".

Message

Placeholders can be inserted in the message by clicking on "Insert placeholder". At least one placeholder for the verification code is mandatory.

Placeholder

The following placeholders can be used:

${OTPFMT}

Formatted authentication code for voice message: The code consists of at least six digits. The digits are separated by spaces (e.g. "1 2 3 4 5 6").

${OTP}

Unformatted authentication code, by default consisting of six decimal digits (e.g. "123456").

Recommended: ${OTPFMTSSML}

Authentication code formatted for SSML (Speech Synthesis Markup Language) in which the digits are separated by colons (e.g. "1:2:3:4:5:6"). This format is used so that speech output systems (text-to-speech engines) can read out each digit individually and clearly understandably instead of pronouncing it as a composite number.

Further information on SSML can be found at seven.io(https://docs.seven.io/de/rest-api/endpunkte/voice#ssml).

${OTPDIGIT[<i>]}

Digit of the authentication code where <i> is the 0-based index of the digit in the authentication code (see example).

${timestamp}

Time of message creation in ISO-UTC format.

The timestamp is 20 characters long, e.g. "2025-02-25T17:33:30Z".

Best practice example

Example of a voice call in SSML 

<voice name="de-de-female" loop="2" loop-info="I repeat">
   Your verification code is: <break strength="medium" />
   <prosody rate="x-slow">
      <say-as interpret-as="number_digit"> ${OTPFMTSSML}</say-as>
   </prosody>
</voice>

Example with variables ${OTPDIGIT[<i>]}

In this example, each variable represents a digit of the verification code.

Multilingualism

The voice message can be stored in the portal languages. Click on the globe symbol as usual to enter multilingual texts.

Activation of the configuration

Once the configuration is complete, the service can be activated and made available to the portal user by selecting the "Activated" setting.