July 28th, 2021 by inflectra
Security is always a critically important topic, and if you have been following the news recently it seems there is a different cyber attack every week. Having a well developed cyber security program is a must, and as part of that, it is important that multiple layers of defense are employed to prevent a potential cyber attack or data-breach. Therefore we are pleased to announce that we have just upgraded the Inflectra website to support Multi-Factor Authentication (MFA) also known as 2-Factor Authentication (2FA) and that similar functionality will be coming very soon to SpiraTest, SpiraTeam, and SpiraPlan.
Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction. Multifactor authentication combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods.
The goal of MFA is to create a layered defense that makes it more difficult for an unauthorized person to access a target, such as a physical location, computing device, network, or database. If one factor is compromised or broken, the attacker still has at least one or more barriers to breach before successfully breaking into the target.
Our plan at Inflectra is to provide two independent methods for authenticating users, hence it is also an example of Two Factor Authentication (2FA). The methods we are using are as follows:
Many password managers (for example 1password) include Google Authenticator TOTP generation tools as part of their platform. We will refer this as simply the "authenticator application" in the rest of this article.
We plan on adding MFA to one of the upcoming releases of SpiraTest, SpiraTeam, and SpiraPlan. We are currently targeting our August 2021 release (v6.11) but it is still in testing as I write, so it might possibly end up in v6.12.
For Spira customers, the option to add MFA will be available for all users using either Spira native authentication (login and password) or LDAP/Active Directory authentication. It will not be available for users using OAuth-based Single-Sign-On (SSO) accounts as those providers should be providing the MFA functionality themselves.
To add MFA to your Spira account, you will simply need to log into Spira as normal and then click on the 'Add 2-Step Authentication' option on the User Profile page:
Once you have clicked on this link, you will be taken to the screen to configure MFA:
You should scan the QR Code with your authenticator application and save the TOTP generator key inside the application.
To very that the QR Code was successfully scanned, use the authenticator application to generate a sample 6-digit code and enter it in the box and click Submit.
Once that has been successfully entered, you will see the legend in your user profile change to look like the following:
You can now log out from Spira. When you next try to log in you will now be asked for:
If you want to change or remove the MFA information, you can use the 2-Step Authentication Settings link on the User Profile page:
This can be useful when you have to replace your mobile device with a new one (for example). That will require you to generate a new TOTP side for this new device.
Our company website has already been upgraded with the new MFA functionality for all users.
To add MFA to your Inflectra customer account, simply log into your customer account as normal and then click on the 'Add 2-Step Authentication' option in the sidebar:
Once you have clicked on this link, you will be taken to the screen to configure MFA:
You should scan the QR Code with your authenticator application and save the TOTP generator key inside the application.
To very that the QR Code was successfully scanned, use the authenticator application to generate a sample 6-digit code and enter it in the box and click Submit.
Once that has been successfully entered, you will see the sidebar in your customer portal change to look like the following:
You can now log out from the Inflectra website. When you log in you will now be asked for:
If you want to change or remove the MFA information, you can use the 2-Step Authentication Settings link on the Customer Area Page:
This can be useful when you have to replace your mobile device with a new one (for example). That will require you to generate a new TOTP side for this new device.
roadmap spotlight security multi-factor authentication two-factor-authentication MFA 2FA
Ask an Inflectra expert:
And if you have any questions, please email or call us at +1 (202) 558-6885
SpiraTest combines test management, requirements traceability & bug-tracking
SpiraTeam brings your teams together, managing the entire application lifecycle
SpiraPlan lets you manage your programs and portfolio of projects like never before
Orchestrates your automated regression testing, functional, load and performance
The ultimate test automation platform for web, mobile, and desktop applications
The help desk system, designed specifically for software support teams
Cloud hosted, secure source code management - Git and Subversion
Exploratory testing capture tool that automatically records your testing activity
Let us deal with the IT pain so you don't have to. Or use on-premise if you prefer.
Our customers work in every industry imaginable. From financial services to healthcare and biotech to government and defense and more, we work with our customers to address their specific needs.
Our products do not enforce a methodology on you, instead they let you work your way. Whether you work in agile development, Scrum and XP, Kanban and Lean, Waterfall, hybrid, or Scaled Agile Inflectra can help.
If you want to learn more about application delivery, testing, and more take a look at our whitepapers, videos, background papers, blog, and presentations.
Customers use our tools to help automate repetitive tasks and streamline their business processes using our Robotic Process Automation (RPA) solutions.
We collaborate with a wide range of teams to bring our customers a range of services (including load testing, training, and consultation), complimentary technologies, and specialized tools for specific industries.
Learn how different organizations have benefited from using Inflectra products to manage their software testing and application develooment.
Outstanding support is the foundation of our company. We make support a priority over all other work. Take a look at our support policy.
Discover great tips, discussions, and technical solutions from fellow customers and Inflectra's technical experts.
If you can't find the answer you're looking for, please get in touch with us: over email, phone, or online.
We are constantly creating new videos to help customers learn about our products, including through in depth webinars, all freely available along with a wide selection of presentations.
We provide a number of resources to help customers learn how to get the most out of our products, with free online resources, virtual classrooms, and face to face.
Read about Inflectra, our manifesto, and values. Meet our incredible customers who are building awesome things, and our leadership team that are committed to building a great company.
The Inflectra Blog contains articles on all aspects of the software lifecycle.
In addition we have whitepapers,
background articles, videos and
presentations to help get you started.
Events are a big part of our awesome customer service. They are a chance to learn more about us, our products, and how to level up your skills with our tools.
We partner with educational institutions and individuals all over the world. We are also a great place to work and encourage you to explore joining our team.
Please contact us with your questions, feedback, comments, or suggestions. We'll get back to you as soon as possible.
When you need additional assistance (be it training, consulting, or integration services) our global certified solution provider partner network is ready to help.
At Inflectra, we are fully committed to provide our customers with the very best products and customer service. Check out some of our recent awards.
We want to help developers extend and customize our tools to fit in with their needs. We provide robust APIs, sample code, and open source projects.