Set up MFA with Okta and TypingDNA Verify 2FA for your PHP App
Implement Okta 2FA or MFA
Intro
In this tutorial we will add TypingDNA Verify 2FA to a PHP application that already has Okta set up. The setup is
based on the following video created by the Okta team: https://www.youtube.com/watch?v=o7JW5uPDc5w
The steps presented in this tutorial are also explained in the video below.
Prerequisites
To set up Okta 2FA you will need a working example of TypingDNA Verify 2FA. The following actions need to be taken.
1. Create an account on typingdna.com. The Verify 2FA
dashboard will provide you with the clientId, secret and applicationId.
2. Create a localhost environment that will run PHP applications. For this tutorial we will use XAMPP,
which can be downloaded from https://www.apachefriends.org/index.html
4. Set up ngrok. Ngrok creates a public URL that will be linked to your localhost environment. For
security purposes, TypingDNA Verify 2FA will only run on a public URL. Ngrok can be downloaded from the
following link: https://ngrok.com/
The first step is to configure the Okta demo to run with ngrok.
Log in to the Okta dashboard.
Under Applications select the custom application that was created as part of the demo. In this case, the
application is called TypingDNA Verify 2FA.
Edit the Sign-in redirect URIs and Sign-out redirect URIs with the ngrok link.
In the index.php file, edit $redirect_uri to contain the ngrok
link, and set $client_id, $client_secret and $metadata_url to the values from the
Okta Dashboard.
$client_id = 'Your_client_id';
$client_secret = 'Your_client_secret';
$redirect_uri = 'https://b286080dca95.ngrok.io';
$metadata_url = 'https://dev-53749351.okta.com/oauth2/default/.well-known/oauth-authorization-server';
// Fetch the authorization server metadata which contains a few URLs
// that we need later, such as the authorization and token endpoints
$metadata = http($metadata_url);
After the OAuth2 exchange flow, add the following code that will set the username in session and will redirect
the user to verify.php page:
Next we will add the verify.php file. First we include the TypingDNAVerifyClient
library and then we initialize our variables just like we did in index.php. We also create a
TypingDNAVerifyClient instance using the credentials from the Verify 2FA Dashboard and store it in the $typingDNAVerifyClient
variable.
include('TypingDNAVerifyClient.php');
$client_id='your_verify_client_id';
$secret='your_verify_client_secret';
$application_id='your_verify_application_id';
$typingDNAVerifyClient = new TypingDNAVerifyClient($client_id, $application_id, $secret);
Once we have a TypingDNAVerifyClient instance, we will generate the data attributes required to
start TypingDNA Verify 2FA.
For this demo we will use the email as the root of trust and we will populate this information from the
session variable.
For simplicity, in order to verify the OTP code that will be generated, we will redirect the user to the same
page, where we will verify the code and print the response.
Our first screen will be identical to the one in the Okta demo.
Then we will enter the username and password that we have set in Okta.
Next we are presented with the TypingDNA Verify 2FA authentication page.
We click the "Verify with TypingDNA" button.
After we complete the instructions from the TypingDNA Verify 2FA button, we will be redirected to the
verify_otp.php page where the result will be displayed.
The success value indicates whether the authentication was valid (1) or invalid (0).
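One way to act on that success value on the server, as an added example that is not part of the original tutorial or the demo repository: the session only counts as authenticated once both the Okta login and the Verify 2FA check have been recorded. The function names, session keys and the 5-minute window are assumptions; the only field taken from the page is success.

```php
<?php
// Added example: names, session keys and the time window are assumptions, not demo code.
const MFA_WINDOW = 300; // seconds allowed between the Okta login and the 2FA check

// Call after the OAuth2 exchange, with the username Okta returned.
function mfa_begin(array &$session, string $email, int $now): void {
    $session = ['email' => $email, 'first_factor_at' => $now, 'second_factor' => false];
}

// Call with the decoded response from the OTP verification step.
function mfa_complete(array &$session, array $response, int $now): bool {
    $pending = isset($session['email'], $session['first_factor_at'])
        && ($now - $session['first_factor_at']) <= MFA_WINDOW;
    if (!$pending) {
        $session = []; // no first factor, or it is stale: force a fresh Okta login
        return false;
    }
    // Fail closed: only the exact value 1 counts; a missing or other value is a failure.
    if (!in_array($response['success'] ?? null, [1, '1'], true)) {
        return false;
    }
    $session['second_factor'] = true;
    return true;
}

// Call at the top of every protected page; returns the page to redirect to, or '' if allowed.
function mfa_gate(array $session): string {
    if (empty($session['email'])) {
        return 'index.php';   // Okta login not done
    }
    if (empty($session['second_factor'])) {
        return 'verify.php';  // Okta login done, Verify 2FA still pending
    }
    return '';
}

// Constructed sample run (no network, no real credentials).
$s = [];
mfa_begin($s, 'user@example.com', 1000);
var_dump(mfa_gate($s));                                  // pending second factor
var_dump(mfa_complete($s, ['success' => 0], 1010));      // invalid authentication
var_dump(mfa_complete($s, ['success' => 1], 1020));      // valid, inside the window
var_dump(mfa_gate($s));                                  // both factors recorded
var_dump(mfa_complete($s, ['success' => 1], 1000 + MFA_WINDOW + 1)); // stale login
var_dump(mfa_gate($s));                                  // session was cleared
```

In the real pages, pass $_SESSION as $session and time() as $now, and call session_regenerate_id(true) once mfa_complete() returns true.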
You can download the source code for this demo from our GitHub repository.
For the production environment, in order to send OTPs via emails you will need to integrate your Verify 2FA account with SendGrid from the dashboard.