One of the two-factor authentication options that Hudu supports (and recommends) is the ability to login in via an external authentication app. In this case, a third-party authentication app will generate a time-sensitive code; this code is then required to log in to Hudu; in addition to the user's username and password.
App-based 2FA in Hudu is compatible with any app that accepts a QR code or key to pair with your Hudu account. This method of authentication is based on the Time-based One-Time Password algorithm (TOTP).
Alternatively, visit Understanding SAML/SSO to learn more ways of securing your environment!
How app-based 2FA works
App-based 2FA is an additional layer of security used to ensure that people trying to gain access to your Hudu account, are who they say they are. They can then use the app with any site that supports this type of authentication.
At sign-in, a user first enters their Hudu username and password, and then, instead of immediately gaining access, they will be required to enter a code provided by a 2FA app on their smartphone or desktop. The TOTP code is typically only "active" and usable for 30 seconds.
Refer to the links below to some common providers of 2FA that are supported by Hudu. Keep in mind, these are not all that Hudu supports; just the ones we recommend and can better support!
How to enable app-based 2FA
The following sections will assist in setting up an app-based in a generic way that should work with any provider that supports a QR code or key to generate TOTP codes.
You must first set up app-based 2FA as a super-admin user to enable it for all users.
- Login to Hudu and navigate to your profile icon (top-right of the Hudu Toolbar) and click edit settings.
- You can also access this via the Hudu admin area >> General >> Configure 2FA >> and click the button that says ((Set up two-factor auth (2FA) first as a super admin to enable it for all users)).
- In the 2FA section, click Configure.
- Scan the provided QR code into a supporting 3rd party authentication app, or type in the provided secret key.
- Enter the TOTP code provided by the app into Hudu and click Activate 2FA.
- Hudu will redirect you to your account settings; indicating that 2FA is now enabled.
Enforcing 2FA for All Users
We highly recommend that you require all users to log in with the additional 2FA code. This further protects your Hudu account. As a Hudu admin:
- Navigate to the Hudu admin area on the top toolbar.
- Click General.
- Click Configure 2FA. You will now have the option to force all users to have 2FA enabled; enable this.
- Click Update to reflect these changes.
Push Notification 2FA
Logging in via a push notification sent to your phone from Duo Authentication is also supported. Visit our Setting Up Duo guide to learn more!
Why isn’t my 2FA code working?
Answer: Make sure your date/time on your phone and computer are correct, otherwise, you can run into drift issues and your 2FA will not work!
Notes: The two most common reasons app-based two-factor authentication won't work would be:
- Phone time (authentication time) doesn’t match Hudu environment time (or computer)
- Type of authenticator app (some uncommon providers may not work)