Hi,
The reactive web app I am currently working on has MFA implemented both via Email and application. But the customer has requested the ability to set up an additional authenticator app from a different device, e.g., if the application user has lost their phone with the MFA authenticator app and wants to set up and log in using an MFA auth app on a new phone. I have already implemented the ability to register a new MFA auth app (following an Email TOTP verification of the user); however, there is no communication between the MFA auth app device and the application to, say, choose/manage the registered device. For example:
User 1 has two MFA auth applications on two devices:
Registered MFA App1 - iPhone11 - Microsoft Authenticator
Registered MFA App2 - Google Pixel 8 - Google Authenticator
The application should allow the user to select one.
The question is: how to capture the device and MFA authenticator application information using OS?
I would really appreciate your insight and help.
Thank you!
Hi Everyone,
Any suggestions on this issue?
Thanks.
It is not possible to choose which device to use for entering the code because there is no communication between the authenticator app and your web application. This is for security reasons.
When you set up MFA, you can scan the QR code on different devices like Microsoft Authenticator or Google Authenticator. The code you see will be the same on all devices at the same time. This happens because the code is made using the same secret key and the current time.
So, you don’t need to pick a specific device. You can use the code from any device that scanned the QR code to log in.
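The behaviour described in the reply above, as an added example that is not part of the original posts: an RFC 6238 TOTP sketch showing that two phones enrolled from the same QR code produce the same code, so the server cannot tell them apart. It goes one step beyond the reply by also showing that, if each device is enrolled with its own secret, the server can see which enrollment a code matched. The function names, device labels and secrets are constructed for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (the common authenticator default)

def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP using HMAC-SHA1."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def matching_enrollments(enrollments: dict, code: str, unix_time: int,
                         window: int = 1) -> list:
    """Labels of enrollments whose secret yields `code` within +/- window steps."""
    hits = []
    for label, secret in enrollments.items():
        for drift in range(-window, window + 1):
            expected = totp(secret, unix_time + drift * STEP)
            if hmac.compare_digest(expected, code):  # constant-time compare
                hits.append(label)
                break
    return hits

# Constructed sample secrets (Base32). The first is the RFC 6238 test key.
SECRET_A = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SECRET_B = "JBSWY3DPEHPK3PXP"

def demo(now: int = 59) -> dict:
    # Case 1: both phones scanned the same QR code, so they hold the same secret.
    iphone_code = totp(SECRET_A, now)
    pixel_code = totp(SECRET_A, now)
    shared = matching_enrollments({"shared-secret": SECRET_A}, pixel_code, now)
    # Case 2 (assumption): each phone was enrolled with its own secret.
    per_device = {"iPhone11": SECRET_A, "Pixel 8": SECRET_B}
    from_pixel = matching_enrollments(per_device, totp(SECRET_B, now), now)
    return {"same_code": iphone_code == pixel_code,
            "shared_match": shared, "per_device_match": from_pixel}

if __name__ == "__main__":
    print(demo())
```

In the per-device case the server learns only which stored secret matched, not the phone model or authenticator app name; those labels have to be supplied by the user at enrollment.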
Is there any way to capture the current login device information in a reactive web application?
When internal users of an OutSystems app log in on a new device, how can I get to know it? When users try to log in on a new device, I want to enable MFA for that user. How can I achieve this in OutSystems Reactive?
To identify if a user is logging in from a new device, a possible solution is to generate a unique identifier and store it on the server. If this identifier differs upon subsequent logins, it indicates a new device. One method to generate this unique identifier is using 'Canvas fingerprinting,' which creates an almost unique number. For more information, refer to this article on Canvas Fingerprinting. You can find JavaScript examples for generating this identifier on the mentioned site.