XP Cloud:Setting up User Authentication with the Google Authenticator App

From X-Payments Help
Jump to: navigation, search
X-Payments Cloud User Manual
  1. X-Payments Cloud: General information
  2. Getting started with X-Payments Cloud
  3. Two-factor User Authentication
  4. General Settings
  5. Payment Configurations
  6. 3D-Secure Settings
  7. KOUNT Antifraud Screening
  8. NoFraud Fraud Prevention
  9. Signifyd Fraud Protection
  10. Managing Users
  11. Customizing the User Interface
  12. Managing Payments
  13. Supported Payment Gateways

X-Payments Cloud can be set up to use a user authentication method based on using codes from the Google Authenticator application. The idea is simple: You install the app on a device you own, typically a smartphone, and connect it to your X-Payments Cloud account. The app can generate one-time passwords that serve as the second piece of evidence to prove your identity - in addition to your login and password - when you try to login to X-Payments Cloud.

To set up user authentication via the Google Authenticator app, follow these steps:

  1. Install the Google Authenticator app on your phone/mobile device. The installation instructions are available here.
  2. Go to the configuration page for the authentication method based on using Google Authenticator.
    Xpc google auth2.png
    This page opens automatically after you select Google Authenticator as your preferred user authentication method when you log in to X-Payments Cloud from your store for the first time.
    Xpc google auth1.png
    Also, you can access this page at any time using the "Google Authenticator app configure" link on your X-Payments Cloud profile details page (Profile > View details):
    Xpc ga app configure.png
  3. Sync the time on the device where you have installed the Google Authenticator app with the time in X-Payments Cloud. Never mind the time zone difference; it is only the minutes and seconds that need to be synchronized. The current time in X-Payments Cloud is displayed right on the Google Authenticator method configuration page:
    Xpc google auth time.png
  4. Add your X-Payments Cloud account to the Google Authenticator App. To do so, scan the QR code from the Google Authenticator method configuration page:
    Xpc google auth qr.png
    Or manually register your X-Payments Cloud account in the Google Authenticator app using the Secret code displayed below the QR code:
    Xpc google auth secret.png
  5. To test your X-Payments Cloud 2nd step user authentication configuration, look up the current one-time password in the Google Authenticator app installed on your phone/mobile device, enter this password into the appropriate field on the Google Authenticator method configuration page and click "Check":
    Xpc google auth3.png
    Note that the lifetime of a one-time password is one minute, and the same code cannot be used more than once.

Provided that the password from the Google Authenticator app has been entered correctly, you will get a confirmation.

Xpc google auth4.png

Now user authentication via the Google Authenticator app is enabled and configured. At the second step of user authentication, you can now use one-time passwords generated by the Google Authenticator app:

Xpc unlock google.png

Important: After setting up your preferred user authentication method, be sure to create and save a list of backup codes for access to X-Payments Cloud:

Later on, if you need to set up Google Authenticator on a different device, you will have to reconnect the app. Note that to complete the task you will be required to enter a one-time password from your currently connected Google Authenticator app (If you have authentication via SMS/text messages enabled as an additional method, you can also use a one-time password received via SMS/text message instead of the password from Google Authenticator - these passwords are the same and can be used interchangeably).

To re-connect the app:

  1. Go to the configuration page for the authentication method based on using Google Authenticator:
    Xpc configured google auth link.png

  2. Click Re-connect the app:
    Xpc google reconnect.png
    A popup window will be displayed providing a form for you to enter a one-time password from your currently connected app:
    Xpc google reconnect1.png
    Type in the one-time password from Google Authenticator (or an SMS/text message) and click Enter. The popup window will be closed, and the method configuration page will show the note "The authentication method is not configured!":
    Xpc google reconnect2.png
  3. Scan the QR code or manually enter the Secret code to re-connect the app.