Set up users for two-step verification via email

Available functionality depends on the system you are using. See the complete feature list, which is available on the product overview page on the Milestone website (https://www.milestonesys.com/products/software/product-index/).

To impose an additional login step on users of the XProtect Mobile client or XProtect Web Client, set up two-step verification on the XProtect Mobile server. In addition to the standard user name and password, the user must enter a verification code received by email.

Two-step verification increases the protection level of your surveillance system.

In Management Client, perform these steps:

  1. Enter information about your SMTP server.
  2. Specify the verification code that will be sent to users.
  3. Assign verification method to users and Active Directory groups.

See also Requirements for user's two-step verification setup and Two-step verification tab.

Enter information about your SMTP server

The provider uses the information about the SMTP server:

  1. In the navigation pane, select Mobile Servers and select the relevant mobile server.
  2. On the Two-step verification tab, select the Enable two-step verification check box.
  3. Below Provider settings, on the Email tab, enter information about your SMTP server and specify the email that the system will send to client users when they log in and are set up for a secondary login.

For more information, see Two-step verification tab.

Specify the verification code that will be sent to users

To specify the complexity of the verification code:

  1. On the Two-step verification tab, in the Verification code settings section, specify the period within which XProtect Mobile client users do not have to reverify their login in case of, for example, a disconnected network. The default period is three minutes.
  2. Specify the period within which the user can use the received verification code. After this period, the code is invalid, and the user must request a new code. The default period is five minutes.
  3. Specify the maximum number of code entry attempts before the provided code becomes invalid. The default number is three.
  4. Specify the number of characters for the code. The default length is six.
  5. Specify the complexity of the code that you want the system to generate.

For more information, see Two-step verification tab.

Assign verification method to users and Active Directory groups

On the Two-step verification tab, in the User settings section, the list of users and groups added to your XProtect system appears.

  1. In the Verification method column, select a verification method for each user or group.
  2. In the User details field, add the delivery details, such as the email addresses of individual users. Next time the user logs into XProtect Web Client or the XProtect Mobile app, he or she is asked for a secondary login.
  3. If a group is configured in Active Directory, the XProtect Mobile server uses details, such as email addresses, from Active Directory.

    4. Windows groups do not support two-step verification.

  4. Save your configuration.

You have completed the steps for setting up your users for two-step verification via email.

For more information, see Two-step verification tab.