Overview
Setting up two-factor authentication (2FA) in CAREWare 6 is a quick and powerful way to increase the security of the CAREWare user login process. CAREWare works with most 2FA applications and has its own 2FA application that can be downloaded here.
Configure central administrator permissions related to the 2FA feature
- Turn 2 Factor On or Off. Granting this permission enables a user to choose whether or not the server will enforce 2FA.
- Reset User 2 Factor Key. Granting this permission enables a user to reset other users’ 2FA keys. When a user's 2FA key is reset, that user will be prompted to set up his or her device at the next login.
To grant permissions for 2 Factor Authentication for Central Administration Groups:
- Log into Central Administration.
- Click Administrative Options.
- Click Provider User Manager.
- Click Manage User Groups.
- Click Central User Groups.
- Select the User Group Name.
- Click Manage.
- Click Change Permissions.
- Type 2 Factor in the Search field.
- Check each permission to be granted.
- Click Grant Selected Permissions.
Configure provider domain permissions related to the 2FA feature (if desired)
Reset User 2 Factor Key - Granting this permission enables a user to reset 2FA keys for user accounts assigned to the provider they administer. When a user's 2FA key is reset, that user will be prompted to set up his or her device at the next login.
- Log into Central Administration.
- Click Administrative Options.
- Click Provider User Manager.
- Click Manage User Groups.
- Click Provider User Groups.
- Select the User Group Name.
- Click Manage.
- Click Change Permissions.
- Type 2 Factor in the Search field.
- Check each permission to be granted.
- Click Grant Selected Permissions.
Turn on 2FA from Central Administration
- Click Administrative Options.
- Click Advanced Security Setup.
- Click Turn 2 factor authentication On or Off.
- Click Edit.
- Choose ON (using internal RFC 6238 TOTP key based authentication).
- Click Save.
Resetting Users' 2 Factor Keys
If a user gets a new smartphone or for other reasons needs to start over with a new authenticator, you will need to reset his or her key.
- Click Administrative Options.
- Click Provider User Manager.
- Click Manage Users. 4. Select the user
- Click Manage.
- Click Reset Internal 2 Factor Key.
Once two-factor authentication (2FA) is set up in CAREWare, two-factor authentication (2FA) can be set up for the device by completing the following instructions:
- Reset Internal 2 Factor Key.
- Log into CAREWare.
- Copy the Manual Code.
- Start the CAREWare 2FA Desktop Client.
- Click Add.
- Enter the Account Name.
- Paste the manual code in the Secret Key line.
- Click Save.
- Enter the code in the code from device line in the log in screen.
- Click Submit.
- Log into CAREWare.
- Enter the code again.
- Click Submit.
The 2FA application can be password protected by checking Password Protected.