Two-Factor Authentication

You can enable Two-Factor Authentication in Exchange Reporter Plus to secure all logins. Exchange Reporter Plus supports five modes of authentication. You can choose one or more methods that work best for you; if you configure multiple login modes, the technician is given the liberty to choose one method from the list. To enable Two-Factor Authentication:

1. Go to the Settings tab.
2. Navigate to Admin → Utilities → Two-Factor Authentication.
3. Click the button corresponding to Two-Factor Authentication to enable this feature.

Supported authentication methods

Exchange Reporter Plus supports the following authentication methods:

• Email Verification
• SMS Verification
• Google Authenticator
• Duo Security
• RADIUS Authentication

Email Verification

Technicians can receive verification codes from Exchange Reporter Plus via email, which they can enter to log in to the product. To enable the Email Verification method:

1. Go to the Email Verification drop-down.
2. Select Enable Email Verification.
3. Modify the Subject and Message content as required.
4. You can also attach other attributes, like username or codes, to the message by clicking the Macros option in the bottom-right corner.
5. Click Save.

SMS Verification

Technicians can also receive verification codes from Exchange Reporter Plus via SMS. To enable the SMS Verification method:

1. Go to the SMS Verification drop-down.
2. Select Enable SMS Verification.
3. Modify the Message content as required.
Note: Please note that if the message exceeds 160 characters, the notification will be dispatched in two or more text messages.
4. You can also attach other attributes, like username or codes, to the message by clicking the Macros option in the bottom-right corner.
5. Click Save.

Google Authenticator

If your organization uses Google Authenticator for security purposes, Exchange Reporter Plus supports that too. To enable the Google Authenticator method for verification:

1. Go to the Google Authenticator drop-down.
2. Select Enable Google Authenticator.

Duo Security

To enable the Duo Security verification method for Exchange Reporter Plus:

1. Go to the Duo Security drop-down.
2. Select Enable Duo Security.
3. Enter the Integration Key, Secret Key, and API Host Name of your Duo Security account.
4. You can also enter the Username Pattern if required.
5. Click Save.

RADIUS Authentication

When RADIUS Authentication is enabled, end users can use their username and password in the RADIUS server to log in to Exchange Reporter Plus. To enable the RADIUS Authentication method for Exchange Reporter Plus:

1. Go to the RADIUS Authentication drop-down.
2. Select Enable RADIUS Authentication.
3. Enter the Server Name or IP Address and Server Port.
Note: By default, the server port used is 1812.
4. Enter the Authentication Scheme, Secret Key, and Username Pattern for your RADIUS server.
5. You can also choose a Request Time Out value for the server if you prefer.
6. Click Save.

Other features

• Backup Verification Code

  Select the Backup Verification Code checkbox if you would like to provide backup support for user logins. In some cases, technicians may face issues with the configured login methods, or could lose access to the corresponding asset (like mobile phones for SMS verification). The backup verification codes generated can be used to access the product easily. You can access the five backup verification codes generated by following the steps below:

  1. Go to the Settings tab.
  2. Navigate to Admin → Utilities → Two-Factor Authentication.
  3. Click the Two-Factor Authentication option in the top-right corner of the page.
  4. Click Manage backup verification codes. A pop-up displaying your five backup codes will open.
  5. You can download, print, or email the backup codes to your personal email address for safekeeping.
  6. Click OK.
• Enrolled Users

  This option in the bottom-right corner of the page gives you the list of technicians who have logged in using the Two-Factor Authentication method. An admin can use this option to delete a technician’s account in order to make them enroll again.

  1. Click the Enrolled Users option.
  2. Select the names of the technicians.
  3. Click the icon corresponding to each account to delete from the list.
  Note: The deleted technicians must complete the entire enrollment process again.
  4. Click OK.
• Modify Authentication Mode

  You can, at any point in time, make changes to the authentication mode configured by following the steps below:

  1. Go to the Settings tab.
  2. Navigate to Admin → Utilities → Two-Factor Authentication.
  3. Click the Two-Factor Authentication option in the top-right corner of the page.
  4. Go to Modify Authentication mode.
  5. Enter the new inputs prompted in regards to the configuration method.
  6. Confirm by entering the code generated. Changes will be saved automatically once you click Verify Code.

Once the Two-Factor Authentication settings are configured, technicians will be prompted to enter the necessary credentials for a second mode of authentication at the next login.

On choosing the Trust this browser option, a technician will not be prompted to enter credentials related to the second authentication factor for the next 180 days while accessing Exchange Reporter Plus from the same browser.

Reset two-factor authentication enrollment

If you have lost your authentication device or cannot retrieve the verification code required to complete authentication, you can reset the secondary factor in two-factor authentication for the default admin account using this option.

To reset the authentication factor:

1. Navigate to the <installation directory>\bin folder. By default, the installation path is C:\Program Files\ManageEngine\Exchange Reporter Plus\bin.
2. Click and run the resetAdminTFAEnrollment.bat file available under this path.
3. Restart Exchange Reporter Plus.
4. You can now re-enroll for the secondary authentication factor by logging in to Exchange Reporter Plus and following the steps mentioned above on this page.