2-factor authentication for administrators

Sunday, April 18, 2021

Jan Trnka, Polaris-Team

Two factor authentication (2FA) is required for users having privilege to manager personal data in Polaris. This means if the user has one of the following roles in one of his units (home/guest units):

  • Polaris admin
  • Admin (all rights) with Units below with or without export
  • Unit Admin (all rights)
  • Member administrator
The user will be requested to enter a PIN when he enters the menu "Polaris admin" (he switches to the back-end) The current unit where he switches to the back-end, or in which he has the role is not meaningful.

The PIN is generated by Polaris and sent to the user by e-mail to the address the user has used to login.

The PIN entry is required when the user has logged-in by entering his username & password, or by using the password saved in the browser. The PIN is no longer valid after log-out.

The PIN entry is not required when the user gets into Polaris via the "stay connected" feature and his last login date is no longer then one week in the past. The stay-connected feature is based on cookies saved on the particular user device which can be considered as his own property. Admins using Polaris very often will not be annoyed by the PIN entry.

Using Polaris on different devices requires to enter the PIN on each device. In such case the time period of one week lasts individually for each device.

___

If you have problems with the logout function, please delete all cookies in your browser.

PIN entry

PIN e-mail