So if you’re here from last week’s post, now you know What 2-Factor Authorization (2FA) and Why to Use a 2FA system to protect your users. If you missed it, you may want to check that out first. Now that we’ve got that out of the way, read on to learn how we built a 2FA process in Infusionsoft for a client of ours who wanted to be extra certain that the folks accessing their content were the intended users. In this second post, we explain how to build your own Two-Factor Authorization process using the Infusionsoft Campaign Builder.
Our Two-Factor Authorization system generates a random number each time the user logs into the website. The user is then prompted to check their phone and/or email for their special code (the random number). In this case, they receive the same code at either device, so they can easily check whichever device is easier for them to access at that time.
If the code they enter matches the auto-generated code, the user is allowed to view the content. If the code does not match, the user is prompted to try again. They will not be allowed to access the restricted content until they enter the code correctly.
What Tools Do I Need?
- We built this bit of automation in Infusionsoft by Keap
- We leverage the power of Infusionsoft’s Campaign Builder to handle the automation and emailing
- We use Fix Your Funnel to send the code to the user’s phone via SMS
- We also harness the power of iMember360 to generate the random code:
[i4w_update field=’_2FactorAuthKey’ value='[i4w_randint min=’100000′ max=’999999′}’}
The Infusionsoft sequence looks like this:
We start with an API Goal. When the website page is loaded, we fire an API goal that sends the newly generated code to the user’s phone and email using the following:
Inside the random number sequence, we use Infusionsoft and Fix Your Funnel to get the code out to the user. On the page itself, we use iMember360 shortcodes to make sure that the value of the number they entered is the same as the stored number in the system. If they match, we allow them to move forward and view the protected content. If they don’t match, we display a form that asks them for the code again.
[i4w_compare value1='’ cmp=’EQ’ value2='’}
[i4w_redirect redir=’/ela-portal’ autorun=’1′}
NOTE: If you’re following along at home, you’ll see that those close brackets aren’t quite right so we can show our work. Make sure you use [brackets] on both sides of your iMember360 shortcodes!
Here our client used 2FA to protect private resources that were only available to certain members, but there are many different reasons why you might want to use a tool like this. How could 2-Factor Authorization help you keep your clients’ data secure?