Configuring MFA with Core EOS and Privakey
When we at United Effects wanted to enable MFA and transaction challenges in our platform, we looked to Privakey for help and they delivered. Their solution was easy to integrate and made it possible to rapidly deliver these features. Our partnership is still evolving, including through the creation of new Privakey APIs that will enable an even more seamless experience than is currently implemented for our customers. For now, the experience has a few extra steps that we wanted to help illustrate for anyone connecting Privakey to their Core EOS Auth Group and enabling MFA.
Step 1: Download the AuthWallet app from iOS or Google Play
Step 2: Go to https://signup.privakey.com/ to register with Privakey. Enter your information on the screen which should look like the below.
Step 3: Registration will result in an email with instructions to set you up with Privakey, which includes adding your admin account to the AuthWallet App using a QR code. Follow those instructions to proceed. As part of this process, you will receive a Company login URL with a GUID, hold on to that. I will look something like:
Step 4: Login to your new Privakey account using your Company URL and GUID. This will result in a challenge on your AuthWallet app. Approve the challenge.
Step 5: You will be presented with a dashboard upon login. It will look something like the below image except your company name will be listed instead of United Effects. In the example image, we already have an App Space but in yours there will not be anything there. But don’t worry, we are about to add one. Click the “create new app space” link.
Step 6: An App Space represents a unique pool of users, much like an Auth Group does on Core EOS. In fact, if you have registered more than one Auth Group with Core EOS, you can use this one Privakey account to create multiple App Spaces, one for each Auth Group. On this new screen, enter the name of your Auth Group in the App Space Name text box and make sure that the toggle under “Firebase Configuration” is to the right and the fields just below it are disabled. Lastly, enter in the URI of a logo or image to represent your Auth Group. If you like, you can copy paste the logo url you used for branding your Platform under Settings. When you’re ready to save, it will look like this:
Step 7: Once you’ve saved, you’ll end up back at the dashboard and you will see your App Space in the list. On this new screen, scroll to the bottom and click “View / Manage Admins”.
Step 8: Add yourself as an admin for the App Space. Before you can do anything else, you will need to enter your email address (the same one you used in Step 2) and add yourself as an admin for the App Space. The screen will look like the below image before you save. Once you do save, it will notify you that the screen is about to refresh. After the refresh, you will find yourself back on the Dashboard.
Step 9: Click back into the App Space and now click “View / Manage All Request Origins”. On the Request Origin screen, you should see a link that says “Create New Request Origin”. If you do not see this link, it’s possible you have not completed step 8. Click the link.
Step 10: Give your Request Origin a name, we recommend “Primary Access”, your company name, or even just the name of your Platform/Auth Group again. The most important step here is to make sure you select the Basic radio button under “Credential Type”. It should look like the below before you save.
Step 11: Almost there! You should now be looking at the configuration of your new Request Origin. At the top there is an overview and one of the fields is GUID. Save this value to use as your Privakey Client Id later. Under the overview the is a password section with a button that says “Show Password”. Click the button and save the resulting value to use as your Privakey Secret later.
Step 12: Below the password section, you will see “Configured Callback Urls”. Click “Create New Callback” and in the resulting screen, enter this callback url exactly as typed and shown in the image:
auth.unitedeffects.com/api/{*}/mfa/callback
Step 13: We have successfully configured Privakey! Now we just need to navigate to Settings in your Platform portal, enable MFA, and paste in the Privakey Client and Privakey Secret values you saved from Step 11.
https://core.unitedeffects.com/YOURALIAS
From here, your users can enable their own MFA either by clicking “Enable MFA” in their Account Dashboard (see below) or by clicking “Restore MFA” on any login page. For them the process is very quick. They will be presented with instructions including links to download the Auth Wallet app and a QR code for setup.
Alternatively, you can simply toggle the “required” switch in your platform settings and all users will be forced through MFA enablement on their first attempt at login.
We hope this functionality serves you well. Please also know that we are actively working to streamline this process further and reduce the number of steps.
Visit us at unitedeffects.com for updates and to contact us. If you need help with this flow, email us at help@unitedeffects.com.
