This document will walk you through setting up the Acceptto WordPress plugin and enabling multi-factor authentication to enhance the security of your website’s user and administrator accounts.
- 1. Download the Acceptto It'sMeTM application on your mobile device and create an account in the app.
- 2. Login to the Acceptto admin panel and navigate to the Applications tab.
- 3. Click the 'New Application' button, enter the name of your application (i.e. My Wordpress Site), enter the URL for your WordPress site, and select a color. The name and the color are what the users of your site will see in the Acceptto It'sMeTM mobile app. Within this newly created application is your UID and Secret.(See Setting Up for help.)
Installing the Plugin
Navigate to the Administration panel of your WordPress page, click the plugins tab, select ‘Add New’, then search for Acceptto.
Click on the "Install Now" button.
Activate the Plugin
After Installation, click the "Activate" button.
For this step you will need your Acceptto UID, Secret and API Host URL that you got in 'Initial Steps'. In your WordPress admin panel, click on plugins, then click on the Acceptto plugin settings.
Here you need to enter the UID, Secret and API Hostname.
In 'Enable for roles' you can specify which roles you want using multi-factor authentication. By default all roles are selected. Finally, click on the "Save Changes" button.
Enable Multi-Factor Login for User
Now you can enable multi-factor authentication for any user that has registered for an account with Acceptto. For example, let's set up your account! Click on "Users" in the WordPress Admin Panel and navigate to your profile. At the bottom of your user's profile page, there is now a field titled 'Acceptto Email' beneath 'User's Acceptto Email Address For Multi Factor'.
Set this field to your Acceptto email address which you registered, then click 'Update Profile' and your account will be multi-factor enabled. In order to try out the new functionality, 'Log Out' of WordPress and sign in again. You will be taken to a multi-factor authentication page to choose whatever authentication method you want.
Acceptto Email Field
All users now have the 'User's Acceptto Email Address For Multi Factor' section in their user profile. Select any user and click ‘Edit’. You will see at the bottom of the user a new field has been added by the plugin for ‘Acceptto Email’. This email address is the same one that is associated with the account. If the user's email address is already registered with Acceptto, then the user will experience multi-factor authentication upon their next login. If the user's email is not yet registered, then the user will be redirected to register at the Acceptto website the next time they login to your site.
After you activate and configure the Acceptto WordPress plugin, all of your current users (that aren't already registered) will be redirected to register with Acceptto the next time they login. In order to login, they must register their Acceptto account.
User Multi-Factor Authentication
After registering their Acceptto account, the user can login to their account using multi-factor authentication (see below). This is where the user chooses how they want to authenticate. They can choose between SMS, Phone Call, Email or Offline TOTP (this option requires the Acceptto It’sMe mobile application and must be configured beforehand). After selecting one of these options, the user will receive a security code to authenticate. Upon successfully entering this code the user will be logged in.
If you require assistance, please email us at firstname.lastname@example.org
Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.