Odoo 12 - Two Factor Authentication
Additional security for the data in Odoo
30 January, 2020 by manaTec GmbH, Walter Salzmann

When storing and processing personal or company-related data, data security, i.e. the protection of this data, is increasingly important. In recent years, two-factor authentication has become established as a means of protecting data. In this process, a user confirms his identity when logging into an online application by means of two independent factors.

This additional security level is used to prevent unwanted access by third parties. In addition to a user name and password, the user needs an additional factor. This additional factor is usually only created for the current login. Depending on the application, an additional code can be retrieved, for example, via an app, third-party software or SMS. Biometric features, such as a fingerprint, iris or facial recognition, can also serve as this additional factor. A widespread example of two-factor authentication is the TAN procedure in online banking.

In our blog on password management in Odoo, we have already discussed the structure and management of passwords in Odoo. Especially in the professional environment, where you often work with sensitive data, for example from customers and suppliers, an additional security measure in the form of two-factor authentication is a suitable solution. Standard Odoo does not offer a solution for this. For this purpose, the manaTec team, consisting of experienced Odoo developers and project managers, has developed a module that enables two-factor authentication when logging into Odoo.

The configuration of two-factor authentication in Odoo is very simple and can be completed with just a few clicks. In the user's settings, we find a new tab for configuring two-factor authentication.

The configuration of the two factor authentication in Odoo.

To use two-factor authentication, we enable the "Allow External Access" checkbox for our users. This assigns a secret authentication code or QR code to each user. In order to generate a code, we need a third-party app, which can be installed from any app store. The following app has already proven itself with our customers:

Google Authenticator

Google Authenticator is available for both Android and iOS.

The app allows us to generate an additional code for Odoo access using the Authentication Secret Code or QR code, which we can use as a second factor to confirm our identity when logging in.

Adding an account within the Google Authenticator app using a barcode scan or entering the secret code.

To do this, we add our account within the app by entering the Secret Code or by scanning the barcode. A new code is now generated for each account at intervals of 60 seconds. The login with a code must therefore be completed before the 60 seconds have expired and the app has generated a new code.

Overview of all active accounts within the Google Authenticator app.

When logging in, the field for entering the authentication code now appears next to the "E-mail" and "Password" fields. It is important here that the user in Odoo and the user's smartphone are configured in the same time zone. If different time zones with an associated time difference are configured here, the code will not be recognized as valid and a login in Odoo is not possible.

A practical feature that our module brings along is the definition of a so-called whitelist. Here, we define IP addresses where users can log into Odoo even without two-factor authentication. For this purpose, there is a new menu item called "Whitelist" in the technical settings.

The configuration of the whitelist in Odoo.

Here we specify the corresponding IP address and can assign a name to it. The IP address from which our module is installed is thereby automatically added to the whitelist. This way we avoid the risk of locking ourselves out of the system and not being able to perform the necessary configuration.
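
The login decision described above (a whitelisted IP address skips the second factor, otherwise a time-based code is checked), as an added example that is not the manaTec module's code. It assumes the codes are standard RFC 6238 TOTP values with the 60-second interval stated in this article; the function names, the sample secret (the RFC test key) and the IP addresses are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct
import time

# Constructed sample: the RFC 4226/6238 test key, base32-encoded.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at, period=60, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1); period=60 is this article's interval."""
    key = base64.b32decode(secret_b32.replace(" ", ""), casefold=True)
    counter = int(at) // period  # both sides derive this from their clock, so clocks must agree
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret_b32, submitted, at=None, period=60, drift_steps=0):
    """Accept the code for the current interval, plus `drift_steps` neighbours if allowed."""
    at = time.time() if at is None else at
    for step in range(-drift_steps, drift_steps + 1):
        moment = at + step * period
        if moment < 0:
            continue
        expected = totp(secret_b32, moment, period)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            return True
    return False


def is_whitelisted(remote_ip, whitelist):
    """True if the connecting address equals one of the whitelisted addresses."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr == ipaddress.ip_address(entry) for entry in whitelist)


def second_factor_ok(remote_ip, whitelist, secret_b32, submitted, at=None):
    """Whitelisted addresses skip the code check; everyone else needs a valid code."""
    if is_whitelisted(remote_ip, whitelist):
        return True
    return bool(submitted) and verify_totp(secret_b32, submitted, at)
```

For the whitelist to mean anything, `remote_ip` must be the address of the actual peer (or one set by a trusted reverse proxy), not a value taken from a client-supplied header.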

Our module for two-factor authentication in Odoo is consequently a useful addition to the security measures already in place. This means that nothing more stands in the way of secure and reliable management of our data.

Do you have questions about this or our other modules? Contact us now and we are very happy to be a reliable partner for you!


