2FA is additional security mechanism to protect the user from fraudulent act. Bahmni uses basic authentication (username, password) from OpenMRS so far. However, it is optimal to have additional security mechanisms to protect users from fraudulent acts. Thus we are introducing 2FA in Bahmni. This feature is optional for an implementation. When this feature is enabled then the user will be authenticated with username and password first and on success, the user will get an SMS with an OTP to his/her registered mobile. The user has to authenticate with the OTP before proceeding to use the system.
The generated OTPs use Java's SecureRandom (see details of the implementation here). The OTPs and all operations like generation, validation, expiry are handled in memory only. There is no database involved.
1. Enable/disable 2FA
To enable/disable 2FA, add the following snippet in the /etc/bahmni-installer/setup.yml file before Bahmni installation.
2. Add SMS gateway service
Bahmni gives flexibility add SMS gateway service to the implementer.