Two Factor Authentication Overview
In order to help ensure the data that you enter into your Softrip back-office applications is more secure, Softrip now offers a two factor authentication process. Two-factor authentication increases security by requiring you to enter a temporary code each time you log in to your account. This verifies that the person logging in to your account not only knows your password, but also has access to the device on which your two-factor secret code is stored.
NOTE
SoftripNet authentication does not support 2FA, it is only supported in SoftripNext authentication.
If your Softrip instance uses SoftripNet authentication, it will have to be updated and reconfigured to use SoftripNext authentication instead.
Reach out to your Softrip contact on how to update these settings.
Accessing two-factor
The below steps outline how to access the two-factor authentication settings in security.
Select the security subsystem
Select system settings in the drop-down
Expand the Defaults section in the navigation bar
Select "Two-Factor Authentication" from the menu
Note: The system settings screen under security houses all general settings that apply to many of the outputs throughout the Softrip application. This includes but is not limited to the market codes screen, brands screen, codes, city codes, required fields on the passenger page, and more.
Two-Factor Screen overview
Once users have accessed the Two-Factor Authentication screen, they will be able to turn on a global setting by selecting the check-boxes next to the user type.
Example
In order to force all internal users to set-up two factor authentication, select the check box under "Required - Internal" and then select "save." Once an internal users logs into their Softrip application for the first time, they will be forced to set-up the two factor authentication as laid out below.
Note: All user types are eligible to require two-factor authentication
Internal Users
Travel Agents
Direct Users
Vendor Direct
Api Users
With each corresponding user type is a drop down box labeled "method." The "method" is the avenue in which users will be using the third party authenticator.
Example
Selecting "APP" under the method drop down refers to any third party application that will offer a token that will allow the users to log-in.
If users select the check-box to require the two-factor authentication per user type, then they must also ensure the corresponding option under the method drop down is selected.
Example
If users select the check box under the "Required - Internal" option, then they must also select the method under the "Method - Internal" section.
Note: Setting up two-factor under the system settings screen is only required by one user within an organization.
Once that one user (typically an admin) within that organization sets up the two-factor authentication for their internal users, each internal user will be required to download an authenticator application on their machine.
Each internal user will then be required to open that two-factor authenticator application each time they log into their Softrip instance and enter the token to access Softrip.
Setting up two factor
Once the appropriate settings are in place under the system settings in the security subsystems, users will need to log out and then log back into their Softrip application to see the changes.
Note: It may take up to 15 minutes for users to see the changes.
From there, users will need to download and install one of three authenticator applications.
Microsoft Authenticator
Supports Windows Phone, Android, and iOS
Google Authenticator
Supports Android and iOS
Authy
Supports Android, iOS, Windows, or Mac
Note: Once the two factor authentication setting is enabled, the next time the specific user (internal, external, etc) logs into the Softrip application, they will be presented with a pop-up after entering their user name and password. The pop-up contains links for each of the above applications. Users will only need to select the links provided to be directed to the appropriate screen to download the application.
Note: If the Softrip system admin requires that all internal users within the organization go through a two factor authentication process while logging in, then all internal users within the organization will need to download one of the above two factor authentication applications.
Once the application of choice is downloaded and set-up, users will either need to scan the QR Code or enter the authenticator key provided.
Below is an example of a QR code and/or the key users will want to enter into the two factor authenticator application once it is downloaded.
Note: A new QR code and authenticator key will be generated each and any time the user accesses the Two Factor Authentication option from the user settings.
Once the code is scanned or the key is entered, the two factor authenticator application will respond with a unique code. This code/token should be entered into the token field provided in the pop-up in your Softrip application. Once your token is entered into the field, select "enable."
Note: Once the above steps are followed, two factor is enabled. Moving forward, each time a user logs out of the Softrip application and logs back into the Softrip application, they must open their third party authenticator application to generate a fresh code and enter it into the token field in order to access their Softrip application.
Note: If you are using SoftripNet (legacy) reservations, ask your Softrip support contact to review the STServerWeb setting IsPassThruLoginEnabled
and the STServer setting PassThroughSession
. If those setting are not set correctly, 2FA requirements will not take effect.
Video
(Please note that this video displays the full process of how to set-up a global two-factor setting under the security sub-system as well as discusses how to enter your codes and token in your two-factor authenticator application. Not everyone within the organization will need or should access the system settings option under the security subsystem.) https://youtu.be/cITsVpSrlo8