XP Cloud:Setting up User Authentication with the Google Authenticator App
X-Payments Cloud can be set up to use a user authentication method based on using codes from the Google Authenticator application. The idea is simple: You install the app on a device you own, typically a smartphone, and connect it to your X-Payments Cloud account. The app can generate one-time passwords that serve as the second piece of evidence to prove your identity - in addition to your login and password - when you try to login to X-Payments Cloud.
To set up user authentication via the Google Authenticator app, follow these steps:
- Install the Google Authenticator app on your phone/mobile device. The installation instructions are available here.
- Go to the configuration page for the authentication method based on using Google Authenticator.
This page opens automatically after you select Google Authenticator as your preferred user authentication method when you log in to X-Payments Cloud from your store for the first time.
Also, you can access this page at any time using the "Google Authenticator app configure" link on your X-Payments Cloud profile details page (Profile > View details):
- Sync the time on the device where you have installed the Google Authenticator app with the time in X-Payments Cloud. Never mind the time zone difference; it is only the minutes and seconds that need to be synchronized. The current time in X-Payments Cloud is displayed right on the Google Authenticator method configuration page:
- Add your X-Payments Cloud account to the Google Authenticator App. To do so, scan the QR code from the Google Authenticator method configuration page:
Or manually register your X-Payments Cloud account in the Google Authenticator app using the Secret code displayed below the QR code:
- To test your X-Payments Cloud 2nd step user authentication configuration, look up the current one-time password in the Google Authenticator app installed on your phone/mobile device, enter this password into the appropriate field on the Google Authenticator method configuration page and click "Check":
Note that the lifetime of a one-time password is one minute, and the same code cannot be used more than once.
Provided that the password from the Google Authenticator app has been entered correctly, you will get a confirmation.
Now user authentication via the Google Authenticator app is enabled and configured. At the second step of user authentication, you can now use one-time passwords generated by the Google Authenticator app:
Important: After setting up your preferred user authentication method, be sure to create and save a list of backup codes for access to X-Payments Cloud:
Later on, if you need to set up Google Authenticator on a different device, you will have to reconnect the app. Note that to complete the task you will be required to enter a one-time password from your currently connected Google Authenticator app (If you have authentication via SMS/text messages enabled as an additional method, you can also use a one-time password received via SMS/text message instead of the password from Google Authenticator - these passwords are the same and can be used interchangeably).
To re-connect the app:
- Go to the configuration page for the authentication method based on using Google Authenticator:
- Click Re-connect the app:
A popup window will be displayed providing a form for you to enter a one-time password from your currently connected app:
Type in the one-time password from Google Authenticator (or an SMS/text message) and click Enter. The popup window will be closed, and the method configuration page will show the note "The authentication method is not configured!":
- Scan the QR code or manually enter the Secret code to re-connect the app.