CygNet Bridge API > Providing Two-Factor Authentication > Managing Two-Factor Authentication Users

Managing Two-Factor Authentication Users for CygNet Bridge API

There will be circumstances where an administrative deactivation of two-factor authentication is required. A user's mobile device containing the authenticator app they use to access CygNet Bridge API might be lost or stolen, for example, so they will be unable to log in until two-factor authentication is deactivated for their account. User accounts can be reset by an administrator to allow a user to activate two-factor authentication for their account using a new device or 2FA app.

See CygNet Bridge API (BRDGAPI) Security (ACCESS event) for information about configuring security access for Bridge API administrative functions.

See Group Service (GRP) Security (ACCESS event) for information about configuring security access for Bridge API administrative functions.

Resetting Two-Factor Authentication User Accounts

Note: An administrator must have security authorization level 4 for the [GRP]* ACCESS event for the Group service used to store user authentication data in order to make user data changes. [GRP]* = ACS security application name of the Group service dedicated to storing user authentication information. See Preparing your System for CygNet Bridge API for more information about configuring permissions.

An administrator with the required permissions can deactivate two-factor authentication for a user account, in one of the following ways.

Using CygNet Bridge API

CygNet Bridge API provides an API method, clientloginapi/api/login/tfa-reset?username={username}, that allows you to deactivate two-factor authentication for a user account via CygNet Bridge.

Use the following procedure to deactivate two-factor authentication for a user account using CygNet Bridge API.

To Reset Two-Factor Authentication for a User Account via CygNet Bridge API

Note: The administrator must also have security authorization level 5 for the BRDGAPIACCESS event to make user data changes using CygNet Bridge API.

Using CygNet Studio

CygNet provides a sample CygNet Studio screen you can use to manage two-factor authentication user accounts. When licensed for CygNet Bridge API, the sample user manager screen is located in your CygNet Bridge product source files.

The sample user manager screen contains the following fields.

Element Description

User data service

Use the drop-down menu to select the Site.Service for the group service that was created specifically for storing user authentication information for your site. See Preparing your System for CygNet Bridge API for more information about the process.

Refresh [service]

Click Refresh to update the list of available services.

Two-factor authentication users

Lists the users of CygNet Bridge API who have set up two-factor authentication

Select a user to view their setting details in the user settings box below.

Refresh [users]

Click Refresh to update the list of two-factor authentication users.

Reset user

Click Reset user to remove the selected user's authentication settings from the user data Group service. This allows the user to set up new 2FA account settings if desired.

User settings

Displays two-factor authentication setting details for the selected user, including user identity, status, and (encrypted) Pre-Shared Key (PSK) number

Use the following procedure to reset a two-factor authentication user account using CygNet Studio.

To Reset Two-Factor Authentication for a User Account via CygNet Studio

  1. In the CygNet Bridge\BridgeAPISampleScreen folder in your CygNet Bridge source files, locate the sample CygNet Bridge API Two-Factor Authentication User Manager.csf file and make a copy of it.
  2. Upload the copied .csf file into your Blob Storage Service (BSS).
  3. In CygNet Studio, open the screen from your BLOB service. Optionally make edits if desired, and Save any changes. See CygNet Studio for more information about configuring screens.
  4. Using your CygNet Bridge API Two-Factor Authentication User Manager screen, provide information as follows to reset the desired user authentication data.
  1. From the User data service drop-down menu, select the Site.Service for the group service created to store the user authentication information for your site, to view the list of two-factor authentication users.
  2. In the Two-factor authentication users list box, select the user name you want to reset.
  3. Click Refresh to ensure you are viewing current information.
  4. In the User settings results box, verify that the user information shown contains the authentication details you want to reset.
  5. Click Reset to remove the existing two-factor authentication settings for the selected user.
  6. Click Refresh to view the revised data and verify that the user data was reset.

Using CygNet Explorer

Administrators with required permission levels can also directly access the CygNet Group service that was created to contain the two-factor authentication user data, and edit the data directly.

Use the following procedure to reset a two-factor authentication user account using CygNet Explorer.

To Reset Two-Factor Authentication for a User Account via CygNet Explorer

  1. In CygNet Explorer, navigate to the Group service that was created to contain your two-factor authentication user data (example: USERDATA.GRP) and double-click to open it.
  2. Navigate to the node representing the user data you want to reset, right-click to access the context menu, and click Delete to remove the desired settings.
Back to top

Let us know how we can improve this topic.

CygNet at weatherford.com

© 2020 Weatherford. All rights reserved.