NOTICE: You are in the old ClientSpace Help system. Please link to the new ClientSpace Help here https://extranet.clientspace.net/helpdoc/home/ClientSpace.htm
Configuring Two Factor Authentication For ClientSpace NEXT
Enabling 2FA and NEXT
It is important to note that enabling two-factor authentication (2FA) for your ClientSpace installation will redirect all of your users to a login page for ClientSpace NEXT, regardless of their user profile preference setting. Upon logging in they will be in NEXT - for clients with a mixed Classic / Next environment this may be confusing. If you have any questions in regards to this or any other login function, contact your NetWise account manager prior to making configuration changes.
Two-factor authentication (also known as 2FA ) is a method of confirming a user's claimed identity by utilizing a combination of two different components - ClientSpace 2FA in NEXT uses the standard username and password combination as the first factor, and a generated code sent to the user at authentication time as a second confirmation factor. To configure 2FA for your ClientSpace NEXT installation, perform the following steps.
2FA Step-by-step guide
- Insure that each user has a valid Primary email configured on the main tab of their user profile in ClientSpace
- Should they wish to receive authentication information via text insure they have a valid SMS Email configured on the Other Info tab of their user profile (see SMS Email formats below)
- If the user does not receive the authentication code in a timely fashion, check the configurations above on the user profile.
System Configuration of Two Factor Authentication is done by NetWise - Create an Extranet case to have this configured for your site. When logging this case, please be sure to include the following configuration options (subject to minimum requirements).
- TFA Code Length (number) - The length of the 2FA authentication code will be generated for the user.
- TFA Code Expiration Minutes (number) - Authentication code expires after this number of minutes.
- TFA Code Expiration Days (number) - Number of days the 2FA Authentication code will exist in the browser*** before automatic expiration and subsequent re-authentication of user.
Once the system is configured, when a user logs in the ClientSpace username and password will be validated as normal, then the system will check to see if the user has a current 2FA security cookie cached in their browser.
If the user does not have a valid 2FA cookie the system will:
- Check the user profile and if the SMS Email is configure, attempt to send a 2FA authentication code to the configured email address (see SMS Email Formats below)
- If SMS Email is not configured, the system will send an email to the Primary email of the user containing the authorization code.
- Once the user receives the authorization code they can enter it into the security box, which will create a security token (system cookie) containing a hashed code separate from the session cookie created by logging in.
- This cookie is checked against the current 2FA cookie stored in ClientSpace and if the hashed codes match, the user is authenticated. The cookie will live in the browser for the length of time specified under App Settings***, at which point the cookie will expire and the user will be prompted for 2FA again.
***If the user chooses the option to "Delete Cookies" when clearing their browser cache, the system will not be able to match the hashed codes and will interpret this as an un-authenticated browser, prompting the user through the 2FA process.
If you are logged into Outlook with the Outlook Add-In enabled you must close and re-open Outlook to allow the Add-In access to the Two Factor Authenticated browser session. Failure to do so will cause an authentication error when using the Outlook Add-In.
The following is a list of Cell carriers and their associated SMS email formats. Replace the string "•10digitphonenumber" with the actual 10 digit phone number for your cell phone, by carrier (including area code). This list is provided by NetWise as a courtesy and is only accurate as of the date of posting and will not be maintained - should the SMS email format not work for your carrier, please contact the service provider for the current email format.
US & Canadian Carriers
3 River Wireless •10digitphonenumber@sms.3rivers.net
ACS Wireless •10digitphonenumber@paging.acswireless.com
Alltel •10digitphonenumber@message.alltel.com
AT&T •10digitphonenumber@txt.att.net
Bell Canada •10digitphonenumber@txt.bellmobility.ca
Bell Canada •10digitphonenumber@bellmobility.ca
Bell Mobility (Canada) •10digitphonenumber@txt.bell.ca
Bell Mobility •10digitphonenumber@txt.bellmobility.ca
Blue Sky Frog •10digitphonenumber@blueskyfrog.com
Bluegrass Cellular •10digitphonenumber@sms.bluecell.com
Boost Mobile •10digitphonenumber@myboostmobile.com
BPL Mobile •10digitphonenumber@bplmobile.com
Carolina West Wireless •10digit10digitnumber@cwwsms.com
Cellular One •10digitphonenumber@mobile.celloneusa.com
Cellular South •10digitphonenumber@csouth1.com
Centennial Wireless •10digitphonenumber@cwemail.com
CenturyTel •10digitphonenumber@messaging.centurytel.net
Cingular (Now AT&T) •10digitphonenumber@txt.att.net
Clearnet •10digitphonenumber@msg.clearnet.com
Comcast •10digitphonenumber@comcastpcs.textmsg.com
Corr Wireless Communications •10digitphonenumber@corrwireless.net
Dobson •10digitphonenumber@mobile.dobson.net
Edge Wireless •10digitphonenumber@sms.edgewireless.com
Fido •10digitphonenumber@fido.ca
Golden Telecom •10digitphonenumber@sms.goldentele.com
Helio •10digitphonenumber@messaging.sprintpcs.com
Houston Cellular •10digitphonenumber@text.houstoncellular.net
Idea Cellular •10digitphonenumber@ideacellular.net
Illinois Valley Cellular •10digitphonenumber@ivctext.com
Inland Cellular Telephone •10digitphonenumber@inlandlink.com
MCI •10digitphonenumber@pagemci.com
Metrocall •10digitpagernumber@page.metrocall.com
Metrocall 2-way •10digitpagernumber@my2way.com
Metro PCS •10digitphonenumber@mymetropcs.com
Microcell •10digitphonenumber@fido.ca
Midwest Wireless •10digitphonenumber@clearlydigital.com
Mobilcomm •10digitphonenumber@mobilecomm.net
MTS •10digitphonenumber@text.mtsmobility.com
Nextel •10digitphonenumber@messaging.nextel.com
OnlineBeep •10digitphonenumber@onlinebeep.net
PCS One •10digitphonenumber@pcsone.net
President's Choice •10digitphonenumber@txt.bell.ca
Public Service Cellular •10digitphonenumber@sms.pscel.com
Qwest •10digitphonenumber@qwestmp.com
Rogers AT&T Wireless •10digitphonenumber@pcs.rogers.com
Rogers Canada •10digitphonenumber@pcs.rogers.com
Satellink •10digitpagernumber.pageme@satellink.net
Southwestern Bell •10digitphonenumber@email.swbw.com
Sprint •10digitphonenumber@messaging.sprintpcs.com
Sumcom •10digitphonenumber@tms.suncom.com
Surewest Communicaitons •10digitphonenumber@mobile.surewest.com
T-Mobile •10digitphonenumber@tmomail.net
Telus •10digitphonenumber@msg.telus.com
Tracfone •10digitphonenumber@txt.att.net
Triton •10digitphonenumber@tms.suncom.com
Unicel •10digitphonenumber@utext.com
US Cellular •10digitphonenumber@email.uscc.net
Solo Mobile •10digitphonenumber@txt.bell.ca
Sprint •10digitphonenumber@messaging.sprintpcs.com
Sumcom •10digitphonenumber@tms.suncom.com
Surewest Communicaitons •10digitphonenumber@mobile.surewest.com
T-Mobile •10digitphonenumber@tmomail.net
Telus •10digitphonenumber@msg.telus.com
Triton •10digitphonenumber@tms.suncom.com
Unicel •10digitphonenumber@utext.com
US Cellular •10digitphonenumber@email.uscc.net
US West •10digitphonenumber@uswestdatamail.com
Verizon •10digitphonenumber@vtext.com
Virgin Mobile •10digitphonenumber@vmobl.com
Virgin Mobile Canada •10digitphonenumber@vmobile.ca
West Central Wireless •10digitphonenumber@sms.wcc.net
Western Wireless •10digitphonenumber@cellularonewest.com
Related articles
NOTICE: You are in the old ClientSpace Help system. Please link to the new ClientSpace Help here https://extranet.clientspace.net/helpdoc/home/ClientSpace.htm