If your dashboard service uses 2-Factor Authentication (2FA) you will need to provide Fugo with the secret key that is generated by your Identity Provider in order to display your dashboards on screen.
In this guide we'll take you through some of the basics of 2FA and show you how to configure it when using Fugo's TV Dashboard feature.
1. What is 2FA?
2FA, sometimes referred to as two-step verification, is more secure than a password alone because it requires something you know plus something you have. For instance, an attacker who has stolen your password still does not have your physical phone.
When you’re accessing your dashboard service, like Looker, over the web, you will be 1) authenticated, and then 2) authorized by the Looker service:
Authentication: Looker needs to know who you are
Authorization: once Looker gets to know you, it will decide what resources you have access to.
2FA is all about Step 1.
Usually, a web service authenticates users by asking for something only the user is supposed to know, like your login credentials (username and password). This is called 1 Factor Authentication.
However, login credentials can be stolen. That’s why web services like Looker and Power BI ask users for something that only that user is supposed to have, such as a secret code that can only be accessed via a mobile phone app. This is called 2 Factor Authentication.
Multi-Factor Authentication, MFA for short, is an authentication method that uses two or more ways of establishing the user's identity. Typically, it’s username/password with an authenticator app that uses Time-based One-Time Password (TOTP).
So how does 2FA work in the real world? How do you prove that the user that is trying to log in has physical access to their smartphone? With an Identity Provider.
What is an Identity Provider?
An identity provider (IdP) is a service that stores and verifies a user's identity. IdPs are usually cloud-hosted services that can be downloaded via mobile app. Two of the most popular IdPs are the Google and Microsoft identity platforms.
OK, back to 2FA. The IdP and the authenticator app on your phone share the same secret key from the moment they are set up.
2FA essentially asks the user in the authentication step to:
Enter their login credentials, username and password
Provide a token generated by the app that proves that the secret key stored on the IdP matches the secret key stored in the authentication app
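How both sides derive the same token from the shared secret key, as an added example (not Fugo's, Microsoft's or Google's code): a standard RFC 6238 TOTP generator and verifier. The sample key is the published RFC test key, and the 30-second step, 6 digits and HMAC-SHA1 are the common authenticator-app defaults assumed here.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed sample: the RFC 6238 test key, Base32-encoded the way a setup
# page shows a secret key. Never use a published key for a real account.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def decode_secret(secret_key: str) -> bytes:
    """Normalise a typed-in Base32 secret (spaces, lower case, no padding)."""
    cleaned = secret_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def totp(secret_key: str, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code both sides derive from the secret."""
    now = time.time() if at is None else at
    counter = max(0, int(now) // step)  # number of time steps since the epoch
    mac = hmac.new(decode_secret(secret_key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_key: str, code: str, at: Optional[float] = None, window: int = 1, step: int = 30) -> bool:
    """Verifier side: accept the current step plus/minus `window` steps of clock drift."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_key, now + drift * step, step)
        ok |= hmac.compare_digest(expected, code)  # constant-time comparison
    return ok


if __name__ == "__main__":
    typed = " ".join(SAMPLE_SECRET[i:i + 4] for i in range(0, 32, 4)).lower()
    print("app code:", totp(typed, at=59))
    print("verifier accepts:", verify(SAMPLE_SECRET, totp(typed, at=59), at=59))
```

Because the code is a pure function of the secret key and the clock, anyone who holds the secret key can produce valid codes, which is why the key should be stored in a safe place and paired with a least-privileged service account.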
Note: In this guide we will only show how to configure 2FA for Google and Microsoft identity providers, but the same underlying principle applies to other identity providers. Please get in touch if you need assistance.
Make sure to create a service account
When creating a dashboard in Fugo TV Dashboards, we highly recommend that you create a least-privileged account inside your dashboard service to use with Fugo.
2. How to set up 2FA with Microsoft Account
If you want to log into your dashboard service using ‘Login with Microsoft’ you will need to configure it for Fugo TV Dashboards.
The Microsoft identity platform allows you to sign in to your dashboard service using your Microsoft identity or social account.
In order to set up Fugo TV Dashboards with Microsoft Account, you need the following three things:
Service Account: set up inside your Microsoft account
Secret Key: Turn on two-step verification and set up in your authenticator app. Make sure all other verification methods are disabled.
Authenticator App: Get a Secret key generated by Microsoft Account
The following sections will detail how to set up 2FA in Fugo with Microsoft, depending on how far you've gotten with your authentication app and your secret key.
2.1 I already have a secret key and authenticator app
Great. You can jump ahead to step 2.5.
2.2 I already have the authenticator app set up but not the secret key
You will need to set up the authenticator app again and get the secret key in the process.
2.2.1 Go to your Microsoft Account and navigate to your Security page
2.2.3 Click on Advanced Security
2.2.4 Turn off Two-step verification.
Continue to step 2.3 to set up the authenticator app again and most importantly, get the secret key.
2.3 I don't have my secret key or the authenticator app set up
2.3.1 Go to your Microsoft Account and navigate to your Security page
2.3.2 Click on Advanced Security
Now we're going to set up an authenticator app:
2.3.3 In the Additional Security section, turn on Two-step verification. You will be navigated to a page with the setup instructions. Just click Next to continue.
2.3.4 On the subsequent page, select "An app" under "Verify my identity with" and click "set up a different Authenticator app".
Now we're going to get the secret key:
2.3.5 You will see a new page with a QR code. This QR code represents your secret key, but don't scan the code just yet. Instead, click "I can't scan the barcode" and you should see the actual secret key, which is what you need. Store it in a safe place and then enter it into your Fugo TV Dashboard.
Now you are ready to set up your authenticator app by scanning the QR code. You can bring the QR code up again by clicking on "I'll scan a bar code instead". Or you can manually enter the secret key into the app.
Note: You can download any authenticator app on your phone. Microsoft and Google are the most popular and they work the same way.
To complete the setup you will need to enter the code generated by the authenticator app back into the setup page.
Now we're ready to complete the authentication app setup:
2.3.6 You can complete the setup by pressing Next. When finished, you will be navigated back to your security account, where you should see the confirmation that "Two-step verification" is turned on and "Enter a code from an authenticator app" is "Up to date".
2.4 Remove other ways of verifying user identity
You need to make sure that the only verification methods enabled on your account are:
Enter a code from an authenticator app
Otherwise, Fugo TV Recorder might struggle to repeat the recorder steps as your journey becomes unpredictable.
Finally, disable email alerts in the account, since you won't want to be receiving notifications every time Fugo logs in and snapshots your dashboard.
2.5 Configure Microsoft 2FA in Fugo TV Dashboards
When using your Microsoft account, configured with 2FA, to access your dashboard from the Fugo TV Recorder, you will be asked to enter your email address and may be asked for the code generated by the authenticator app that we set up in the previous steps.
Once you select and capture your dashboard, you will be prompted with a popup asking you to enter the secret key that we generated in the previous sections. This key will be encrypted and securely stored in Fugo Secret Manager and will only be accessed from a safe environment by our server instance.
From there, you should be good to go!
Now we'll cover using Google to set up 2FA with Fugo.
3. How to set up 2FA with Google Account
If you are using ‘Login with Google’ with 2-Step Verification to access your dashboards you will need to configure your Google account for it to work with Fugo TV Dashboards.
As suggested in our previous steps, we recommend creating a service account user with minimum level privileges.
You will need the following three things:
Service Account: for your Google account. You can find instructions for that here.
Secret Key: Turn on two-step verification and set up the authenticator app. Make sure all other verification methods are disabled
Authenticator App: Get a secret key generated by Google Account
The following sections will detail how to set up 2FA in Fugo with Google, depending on how far you've gotten with your authentication app and your secret key.
3.1 I already have my Secret Key and Authenticator App
Great. You can jump straight to step 3.4.
3.2 I already have the authenticator app set up but I don't have the secret key
Go to your Google Account and navigate to your Security page
Continue to step 3.3 to set up the authenticator app again and most importantly, get the secret key.
3.3 I don't have a Secret Key or the Authenticator App set up
In order to enable 2-Step Verification on your account, you must first have an associated recovery phone. If you already have a recovery phone set up, skip to section 3.3.6.
3.3.1 Go to your Google Account and navigate to your Security page where you will need to turn on 2-Step Verification in the Signing into Google section.
3.3.2 On the next page you will need to click GET STARTED
3.3.3 You may be asked to set up your phone as an additional layer of security. There are various options of layers you can add but for the purpose of this guide we will go with Text Message. After entering your phone number and clicking NEXT you should receive a verification code
3.3.4 Enter the verification code and click NEXT again.
3.3.5 If you did everything correctly up until now you should see a big green tick. Now all you'll have to do to complete the setup successfully is to press TURN ON, and then in the next pop up DONE.
3.3.6 On the next page you will need to click SET UP under Authenticator App.
3.3.7 Choose your phone type and click NEXT
3.3.8 You should now see a pop-up with a QR code. Once you download the authenticator app from the app store, make sure to click CAN'T SCAN IT instead of scanning the QR code.
3.3.9 This will reveal the secret key that you will need to store safely and use in Fugo TV Dashboard when prompted. Make sure you do not click the back button here as this will generate a new code.
3.3.10 Enter the secret key manually in your authenticator app and then enter the generated 6-digit code back into the authenticator setup.
After the successful completion of the set up you should now see the authenticator app in your Google Account 2-Step Verification page.
3.4 Sign out of your mobile devices and remove your recovery email and phone
3.5 Configure your Google 2FA in Fugo TV Dashboards
Let's say you are trying to display a Trello Dashboard and want to sign in with a Google account that has 2FA enabled.
3.5.1 Click Continue with Google
3.5.2 Enter your Service Account Email and Password
3.5.3 Enter the TOTP code from your Authenticator App
3.5.4 Once logged in, you can navigate to and capture the dashboard you want to display.
3.5.5 You should now see the red prompt "Enter secret key". Click this and enter the secret key that we generated earlier in the pop-up.
This key will be encrypted and securely stored in Fugo Secret Manager and will only be accessed from a safe environment by our server instance.
You're all set!
Now that you've set up 2FA with Fugo and captured the dashboards you want to display, you'll be ready to publish them to screen!
If you have any questions or would like some guidance setting up 2FA for Fugo, you can reach out to our support team at firstname.lastname@example.org.