Promotic
Login logon

Preconfiguration "Two-factor user authentication"

A panel for two-factor authentication of the logging-in user using a one-time code sent via email or via text message.

This preconfiguration can be activated when creating a new object (e.g. by "New object ..." in the context menu of the object or by pressing the Insert key after selecting the object).
 
This preconfiguration is included in the "/ Users" group.

The preconfiguration creates PmaPanel object, which is titled "NotAuthPanel".

This panel has the following methods:
SendCodeToClient - (essential) generates a verification code and sends it to the user that is logging in (via email or text message)
ReSendCode - (complementary) ensures that a new code is generated and sent to the user logging in
SetNotAuthCode - (essential) completes the user's multi-factor authentication by verifying the code entered by the user
GetUserParam - (complementary) provides the required information for the specified users - email, phone number, etc.
SendEmail - (complementary) sends an email with a verification code to the user that is logging in
SendSMS - (complementary) sends an SMS message containing a verification code to the user that is logging in


When users log in, you need to into the onUserLogonBegin event set the NotAuthState property to 1 for the desired user and then call the SendCodeToClient method, which generates the verification code needed to complete two-factor authentication and sends this code via email (or SMS) to the logging-in user.
After the user has partially logged in (after entering the correct username and password but before two-factor authentication) the default page — the verification code entry panel — opens in the browser.
After the user enters the verification code, the SetNotAuthCode method is called, which, upon entering the correct verification code, completes the two-factor login by setting the NotAuthState property to 0.
This makes the logged-in user a fully authenticated user with all the permissions they are entitled to.

The preconfiguration for multi-factor authentication works only for network users; it is not applicable to local users.

For this preconfiguration to work properly, you need to set the default PmaWeb server address to this panel, which is "notauthpanel" by default.

To send emails successfully, you must specify the correct email sending parameters in the SendEmail method

Google uses OAuth authentication, which cannot be used in the Promotic system. However, it is still possible to send emails from Promotic via Gmail. For this to work, you must enable two-step verification for the relevant Google account. You can then generate an App Password, which you must use instead of the standard login password for that Google account.

You need to modify and/or add parameters (email address, phone number) for the specified users in the GetUserParam method.

Sending SMS messages is not enabled in this preconfiguration; there is only a method available that can be used to set up this functionality.

These configurators can be set before the preconfiguration is created:
The name of created objectName of the object created in the Pma object tree.
The maximum name length is 30 characters.
This is a system name, so it must contain only alphanumeric and must not contain any diacritics (i.e. national dependent characters), empty string, spaces and first character must not be a number.
Default: "NotAuthPanel".
Enable as Web componentSpecifies whether this object has to be registered as a web server component
After the preconfiguration is created, the "PmaPanel > Web server > Enable as Web component" configurator will be set to this value.
PmaWeb objectPath in the Pma object tree to the object PmaWeb, PmaWebFolder or PmaWebLang where the registration is carried out.
Macro expression can be used for entering (it is evaluated after the application is launched).
After the preconfiguration is created, the "PmaPanel > Web server > PmaWeb object" configurator will be set to this value.
Web component identifierSpecifies unique identifier of this Web component.
The full URL address to this component is then for example:
"http://ComputerName:Port/Identifier"
Macro expression can be used for entering (it is evaluated after the application is launched).
After the preconfiguration is created, the "PmaPanel > Web server > Web component identifier" configurator will be set to this value.
Example:
The script must be placed into the onUserLogonBegin event of the PmaRoot object:
JavaScriptVBScriptSelect and copy to clipboard

if (2 == pEvent.User.Type)
{
pEvent.User.NotAuthState = 1;
pMe.Pm("/#PmaId/NotAuthPanel").Methods.SendCodeToClient(pEvent.User);
}
See also:
- Users
- What are preconfigurations
PROMOTIC 9.0.34 SCADA system documentation MICROSYS, spol. s r.o.

Send page remark Contact responsible person
Navigation:
 
- PROMOTIC SCADA/HMI system
- Documentation contents
- Subsystems
- Preconfigurations
- Pma object preconfigurations
- Users
 
- Two-factor user authentication
 
 
© MICROSYS, spol. s r.o.Update cookies preferences