Applaud uses Twilio's Authy system for two-factor authentication using SMS-based time-based one-time passcodes (TOTP).
Essentially:
- After logging in, the app will check whether the requested user must authenticate with 2FA. If they're not, they're simply redirected to their destination.
- If the user requires 2FA, the app checks if the user is already registered for 2FA or not. If they're not registered, it will first ask them to register a phone number for 2FA (see later). This will register them as Twilio users.
- Once registered, the app will send a request to Twilio to issue a token, and the user will be asked to enter the token sent to their registered SMS device.
- The app will then communicate with Twilio to validate that the token is valid and redirect the user to their destination.
You will be responsible for any SMS-based charges associated with using two-factor authentication.
The Oracle database tier will require an HTTPS connection to Applaud Cloud to enable Twilio integration.