Set up 2FA with TypingDNA Verify on a PHP web application that uses Active Directory
Goal
The aim of this tutorial is to lay out the steps for integrating TypingDNA Verify 2FA on a basic website that has a backend running in PHP. The website will use Active Directory for the username and password and TypingDNA Verify 2FA will be used as the second factor of authentication.
This is what a successful integration of TypingDNA Verify 2FA with Active Directory will look like:
Intro
In this tutorial we will build a sample web application that uses TypingDNA Verify 2FA.
The user will first enter the username and password, which will be verified by Active Directory.
Once the Active Directory authentication succeeds, the user's email information will be used by TypingDNA Verify for the second factor of authentication.
We will cover all technologies that are needed to run a simple demo on a local machine. The main objective of this tutorial is to focus on the TypingDNA Verify integration. For more information on how to set up Active Directory please visit the Active Directory documentation here:
In order to create a working example of TypingDNA Verify 2FA, the following actions need to be taken:
Create an account on typingdna.com. The Verify 2FA dashboard will provide you with the clientID, secret and applicationID.
Set up ngrok. Ngrok creates a public URL that links to your localhost environment. For security purposes, TypingDNA Verify 2FA will only run on a public URL. Ngrok can be downloaded from the following link: https://ngrok.com/.
Create an account on the Azure portal, https://portal.azure.com (a trial membership is available on Azure and it can be used to implement this tutorial).
Create a localhost environment that will run PHP applications. For this tutorial we will use XAMPP, which can be downloaded from https://www.apachefriends.org/index.html.
Active Directory Configuration
For this tutorial we will use the simple Active Directory login library that was created by Kevin Schroeder. More information can be found on the following GitHub page: https://github.com/magium/active-directory.
Run the following command:
composer require magium/active-directory
Create an index.php file in the root directory. Add the following code:
Select App registrations from the left-hand side menu:
Select New registration.
Type the name of your application and, under Supported account types, select the option “Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype Xbox)”.
Click on the Register button.
Copy the Application (client) ID to your code.
From:
To:
Select the Certificates and secrets item from the left-hand side menu:
Select the New client secret button.
Select a description and an expiration period. Then copy the key value.
From:
To:
Next, update the directory value to ‘common’ and add another value to the configuration called return_url, which holds the location of the current index.php file.
TypingDNA Verify 2FA will return a payload that contains the generated one time password. For simplicity, in this demo we will navigate to another page and pass the one time password as a parameter in the link. A value passed in the URL is also written to browser history and web server access logs, which is acceptable only because this is a demo.
The final version of the index.php will look like this:
Next we will look at the verify_otp.php file. First we will initialize our variable, just like we did in verify.php.
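<?php
// Load the TypingDNA Verify PHP client; require_once stops the script if the file is missing.
require_once('TypingDNAVerifyClient.php');
// $client_id, $application_id and $secret are the values from the Verify 2FA dashboard,
// defined the same way as in verify.php.
$typingDNAVerifyClient = new TypingDNAVerifyClient($client_id, $application_id, $secret);
?>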
To validate the one time password we will use the validateOTP function, which makes an API call to the TypingDNA server to check whether the one time password is correct.
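As an added example (not code from the original tutorial or from the TypingDNA client), here is one way verify_otp.php could handle the one time password passed in the link around the validateOTP call. The session keys, the otp parameter name, the failure limit, the accepted OTP format and the validateOTP argument and response shape are all assumptions.

```php
<?php
// Added example: names marked "assumed" are not from the tutorial.
const MAX_OTP_FAILURES = 5; // assumed limit per session

function verifySecondFactor($client, array $query, array &$session): bool
{
    // Use the e-mail stored server-side after the Active Directory login, never
    // one taken from the request, so the OTP is checked for the right account.
    $email = $session['ad_email'] ?? null;          // assumed session key
    $otp   = $query['otp'] ?? null;                 // assumed parameter name
    if (!is_string($email) || ($session['otp_failures'] ?? 0) >= MAX_OTP_FAILURES) {
        return false;
    }
    // ?otp[]=x arrives as an array; also bound length and charset (assumed format).
    $ok = is_string($otp) && preg_match('/\A[A-Za-z0-9]{4,16}\z/', $otp) === 1;
    if ($ok) {
        // Assumed signature and response shape; check your TypingDNAVerifyClient.php.
        $response = $client->validateOTP(['email' => $email], $otp);
        $ok = is_array($response) && !empty($response['success']);
    }
    if ($ok) {
        $session['2fa_passed'] = true;              // assumed session key
        unset($session['otp_failures']);
    } else {
        $session['otp_failures'] = ($session['otp_failures'] ?? 0) + 1;
    }
    return $ok;
}

// Constructed stand-in for TypingDNAVerifyClient so the example runs offline.
$fakeClient = new class {
    public function validateOTP(array $user, string $otp): array
    {
        $match = $user['email'] === 'alice@example.com' && $otp === '123456';
        return ['success' => $match ? 1 : 0];
    }
};

$session = ['ad_email' => 'alice@example.com'];     // constructed sample session
$requests = [
    ['otp' => ['123456']],                          // array-valued parameter
    ['otp' => '000000'],                            // well-formed but wrong
    ['otp' => '123456'],                            // correct code
    [],                                             // parameter missing
];
foreach ($requests as $query) {
    var_dump(verifySecondFactor($fakeClient, $query, $session));
}
```

In verify_otp.php the call would be verifySecondFactor($typingDNAVerifyClient, $_GET, $_SESSION) after session_start(), followed by session_regenerate_id(true) when it returns true.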