The Google Authentication Scheme is a two-factor authentication mechanism that requires the user to enter their password as
well as a single-use token when logging in to a station. This protects a user’s account even if their password is compromised.
This authentication scheme relies on TOTP (Time-based One-Time Password), which cannot be reused, and the Google Authenticator
app on the user’s mobile device to generate and verify single-use authentication tokens. Google authentication is time based,
so there is no dependency on network communication between the user’s mobile device, the station, or external servers. Since
the authenticator is time based, the time in the station and time in the phone must stay relatively in sync. The app provides
a buffer of plus or minus 1.5 minutes to account for clock skew.
Prerequisites:
The user’s mobile phone requires the Google Authenticator app.
You are working in Workbench.
The user exists in the station database.
Perform the following steps:
Open the gauth palette and add the GoogleAuthenticationScheme to the Services > AuthenticationService > AuthenticationSchemes node in the Nav tree.
Right-click UserService, and double-click the user in the table.
The Edit view for the user opens.
Configure the Authentication Scheme Name as needed and click Save.
Under Authenticator, click the button next to Secret Key.
The Set Up Authenticator window opens.
Scan the displayed bar code with your Google Authenticator app, follow the steps in the app, and click OK.
The Confirm Token window opens.
In the Confirm Token entry field, enter the 6-digit token displayed in the Google Authenticator app, and click OK.
NOTE: The OTP (One-Time Password) code cannot be reused with Gauth. Ensure that you use a newly generated OTP code for the initial
login.
To complete the configuration, click Save.
Depending on the view you are using, you may have to open the user again or refresh after saving.