13. Login
Secure device access is critical when working with personally identifiable information.
Users verify their identity by entering their credentials (username and password). This ensures that only authorised users can access the app and the data it contains.
Two Factor Authentication (2FA) adds an additional layer of security by requiring users to provide a second form of authentication. This is a verification code sent to their mobile device or email depending on the system configuration, in addition to their login credentials. This helps prevent unauthorised access even if a user's login credentials are compromised.
Configuration options
Set Two Factor Authentication (2FA) communication method (SMS or email)
Set Two Factor Authentication (2FA) request time period (default 2 weeks)
Pre condition
User has an account
Triggers
User enters their username and password
Standard flow
Navigate to OpenCRVS instance address eg. www.farajaland-opencrvs.org
Enters username
Enter password
Click ‘Login’
If Two Factor Authentication (2FA) required (…)
User checks their email for 2FA code
User checks their phone for 2FA code
User enters 2FA code
User click ‘Verify’
User shown loading screen
User successfully logged
Post conditions
User is logged into their account
User audit updated to show user logged in (time, ip address and device,
Variations/Exceptions
Error if username and password combination not recognised
Error if 2FA code is not valid