Twilio Authy

Cloud CMS supports Twilio Authy for Multifactor Authentication.

To configure Authy, you will need to supply the following:

  • apiUrl
  • apiSecret

These values are available from your Authy Settings page.

Service Descriptor

If you're adding an Authenticator via a Service Descriptor:

  • the Descriptor Type should be TWILIO_AUTHY.
  • the Descriptor Configuration should look like this:
{
    "enabled": true,
    "providerType": "authy",
    "providerConfig": {
        "apiKey": "MY_API_KEY",
        "apiUrl": "MY_API_URL"
    }
}

Where

  • MY_API_KEY (required) is your Authy API Key
  • MY_API_URL (optional) is your Authy endpoint URL (default is https://api.authy.com)

Here is a screenshot of some sample settings:

[object Object]

Global Settings

You can set up system-wide Authy configuration by adjusting the following in your docker.properties file:

org.gitana.platform.services.authenticator.authy.apiKey=
org.gitana.platform.services.authenticator.authy.apiUrl=

These settings will be used for any system-defined or service descriptor-defined Authenticators that do not provide these values.

System Authenticator

You can also instantiate system Authenticators like this: 

<bean id="authyAuthenticatorRegistrar" class="org.gitana.platform.services.authenticator.AuthyAuthenticatorRegistrar">
    <property name="id"><value>MY_AUTHENTICATOR_ID</value></property>
    <property name="apiKey"><value>MY_API_KEY</value></property>
    <property name="apiUrl"><value>MY_API_URL</value></property>
</bean>

Where

  • MY_API_KEY (required) is your Authy API Key
  • MY_API_URL (optional) is your Authy endpoint URL (default is https://api.authy.com)

The MY_AUTHENTICATOR_ID value must be unique across all Authenticator instances for a given type.

These Authenticators will be available to your platform and can defined and maintained within your Spring config.

Authy Binding Properties Factory

Use the AuthyAuthenticatorBindingPropertiesBeanFactory bean to create Authy-specific binding properties.

Like this:

<bean class="org.gitana.platform.services.authenticator.authy.AuthyAuthenticatorBindingPropertiesBeanFactory">
    <property name="authyId"><value>AUTHY_ID</value></property>
</bean>

Authy Descriptor Factory

Use the AuthyAuthenticatorDescriptorBeanFactory bean to create Authy-specific descriptors.

Like this:

<bean class="org.gitana.platform.services.authenticator.authy.AuthyAuthenticatorDescriptorBeanFactory">
    <property name="id"><value>MY_AUTHENTICATOR_ID</value></property>
</bean>

Example: Configure the Admin User to use Authy Security

Start by defining an authenticator called test:

<bean class="org.gitana.platform.services.authenticator.authy.AuthyAuthenticatorRegistrar">
    <property name="id"><value>test</value></property>
    <property name="apiKey"><value>API_KEY</value></property>
    <property name="apiUrl"><value>API_URL</value></property>
</bean>

Then bind the admin user to the authenticator using our factories from above:

<bean class="org.gitana.platform.services.authenticator.BindAdminUserSystemAuthenticator">
    <property name="bindingProperties">
        <bean class="org.gitana.platform.services.authenticator.authy.AuthyAuthenticatorBindingPropertiesBeanFactory">
            <property name="authyId"><value>AUTHY_ID</value></property>
        </bean>
    </property>
    <property name="descriptor">
        <bean class="org.gitana.platform.services.authenticator.authy.AuthyAuthenticatorDescriptorBeanFactory">
            <property name="id"><value>test</value></property>
        </bean>
    </property>
</bean>