
How to configure two factor authentication

Richard Marsot edited this page Nov 2, 2020 · 5 revisions

To support two-factor authentication, we rely on the Pega Platform to generate a One Time Password (OTP), which is requested through the DX API v1 using the authenticate/ODP endpoint. This endpoint supports two options for sending the OTP to the user: email or SMS. Once the user enters the OTP in the Uplus application, the OTP is validated using the second endpoint.

Two-factor authentication can be configured for the Uplus application through the 'General' category under the settings tab. Set the server base URL and make sure that it does not contain any other path such as '/prweb'. The server base URL is used to generate the URL of the REST endpoint used for the OTP.

Set the sendmode to email or sms. Note that sms requires some additional customization on the Pega Platform and is harder to set up than email notification.

To use email notification, create a new email account under integration-resources - in the screenshot above, the email account is called TestOTP. Make sure that the account is configured for outbound emails. The ruleset of the email account needs to be accessible to the user that will be authenticated. Make sure to store the instance in the same ruleset as the application used by the user.

To send the email to your account, you will need to set the OTP send to field. This field is configured under the Users category and accepts an email address (if the sendmode is set to email) or a phone number (if the sendmode is set to sms). The OTP send to field is configured for each user.

If the DX API call to the authenticate/ODP endpoint fails, it is likely that the pega username or pega password is incorrect. When calling this API, these two parameters are sent using basic authentication.
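The settings described above can be checked before the first OTP request is made. The following is an added example, not code from the Uplus application: the field names `serverBaseUrl`, `sendMode`, `otpSendTo`, `pegaUsername` and `pegaPassword` are hypothetical, and the https check is an added recommendation that follows from the credentials being sent with basic authentication.

```javascript
// Added example. Field names (serverBaseUrl, sendMode, otpSendTo, pegaUsername,
// pegaPassword) are hypothetical, not the Uplus app's own setting keys.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;   // loose shape check only
const PHONE_RE = /^\+?[0-9][0-9 ()-]{5,}$/;      // loose shape check only

function checkOtpSettings(s) {
  const problems = [];
  let url = null;
  try {
    url = new URL(s.serverBaseUrl);
  } catch (e) {
    problems.push('server base URL is not an absolute URL');
  }
  if (url) {
    // The base URL must be bare: no path such as '/prweb', no query, no fragment.
    const extra = url.pathname.replace(/\/+$/, '') + url.search + url.hash;
    if (extra) problems.push(`server base URL must not contain '${extra}'`);
    // Basic authentication only base64-encodes the credentials, so require TLS.
    if (url.protocol !== 'https:') problems.push('server base URL should use https');
  }
  if (s.sendMode === 'email') {
    if (!EMAIL_RE.test(s.otpSendTo || '')) problems.push('OTP send to must be an email address');
  } else if (s.sendMode === 'sms') {
    if (!PHONE_RE.test(s.otpSendTo || '')) problems.push('OTP send to must be a phone number');
  } else {
    problems.push("sendmode must be 'email' or 'sms'");
  }
  // In basic authentication the first ':' separates user and password,
  // so an empty username or one containing ':' cannot be sent correctly.
  if (!s.pegaUsername || s.pegaUsername.includes(':')) {
    problems.push('pega username is empty or contains a colon');
  }
  if (!s.pegaPassword) problems.push('pega password is empty');
  return problems;
}

// Header value the request would carry (Node.js Buffer; a browser would use btoa).
function basicAuthHeader(username, password) {
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Constructed sample: a base URL that wrongly includes '/prweb' over plain http.
console.log(checkOtpSettings({
  serverBaseUrl: 'http://pega.example.com/prweb', sendMode: 'email',
  otpSendTo: 'user@example.com', pegaUsername: 'operator', pegaPassword: 'constructed',
}));
```

An empty result means the settings have the shape this page describes; it does not confirm that the credentials are accepted by the Pega Platform.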

After turning on this feature and entering the username and password, the login overlay will ask for the OTP.

This feature is also implemented on the phone version of the Uplus app either through the overlay or in the full login page.

Note: Special thanks to Piotr Koszela for implementing the two-factor authentication feature and providing a detailed branch with the changes.