TT User Setup

Enabling Two-factor Authentication

You are viewing TT User Setup Version 7.17 and higher.

TT User Setup 7.17.40 and higher supports two-factor authentication via text message (SMS) and email, and 7.17.60 supports both authentication modes in the same environment.

In addition to a user password, two-factor authentication allows the administrator to require traders to provide an authentication code in order to log in to X_TRADER, X_RISK, and TT User Setup. For SMS, the authentication code is sent to the trader via the SMS number configured in User Settings in TT User Setup.

Notes:

  • In X_TRADER ASP, two-factor authentication is required for a buy-side user when any one of the brokers to which the trader is connected configures the user for two-factor authentication.
  • For X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET, two-factor authentication via SMS and/or email is supported. Both authentication methods can be enabled in the same user environment via a system-level setting, but each user can only have one method enabled at a time (either SMS or email) via a user-level setting.
  • X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET can request a more or less restrictive "Days an application can be trusted" setting. By default, passwords expire every 90 days, and users who are required to use two-factor authentication must re-authenticate after 5 days. To request a different default for your firm, please contact TT Support.

For two-factor authentication to work correctly:

  • The system must be enabled for two-factor authentication by selecting one of the following system settings:
    • SMS
    • Email
    • Both SMS and Email
  • All TT User Setup Servers must be able to connect to api.twilio.com over port 443 (SMS option).
  • All TT User Setup servers must have network access to an SMTP server that has access to either the public internet or the domain relevant to any possible email recipients (email option).
  • Individual users must be enabled for two-factor authentication. If the user is set to Email two-factor authentication, an email address must be configured. If the user is set to SMS two-factor authentication, an SMS number must be configured. In X_TRADER ASP the user's email address and SMS number are entered by the Buy-side company admin.
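
The two network prerequisites above can be checked from each TT User Setup server before the setting is turned on. The script below is an added example, not part of TT's documentation or tooling: it makes a verified TLS handshake to api.twilio.com on port 443 and asks the SMTP relay what it advertises. The relay host name and the default port 25 are assumptions, since the page does not give them.

```python
import smtplib
import socket
import ssl

TWILIO = ("api.twilio.com", 443)  # endpoint and port named on this page


def check_twilio(addr=TWILIO, timeout=5.0, connect=socket.create_connection):
    """TCP connect plus a verified TLS handshake; returns (ok, detail)."""
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    try:
        with connect(addr, timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=addr[0]) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # The port is open but the certificate is not trusted, for example a
        # TLS-inspecting proxy whose CA is missing on this server.
        return False, f"untrusted certificate: {exc.verify_message}"
    except OSError as exc:
        return False, f"connect failed: {exc}"


def check_smtp(host, port=25, timeout=5.0, factory=smtplib.SMTP):
    """Connect, send EHLO and report what the relay advertises.

    port=25 is an assumed default; use the port of your own relay.
    """
    try:
        with factory(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            return {
                "reachable": True,
                "starttls": smtp.has_extn("starttls"),
                # If True, the relay expects the Account name and Password.
                "auth": smtp.has_extn("auth"),
            }
    except (OSError, smtplib.SMTPException) as exc:
        return {"reachable": False, "error": str(exc)}


if __name__ == "__main__":
    print("twilio:", check_twilio())
    # Placeholder host: substitute the relay from Outgoing Email Settings.
    print("smtp:", check_smtp("smtp.example.internal"))
```

An "untrusted certificate" result with the port reachable usually points at an intercepting proxy rather than a firewall rule, which changes who needs to fix it.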

Enabling Two-Factor Authentication via SMS

Notes:

  • TT enables two-factor authentication at the system-level using Server Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET. For those users, you do not need to enable two-factor authentication at the system-level -- only the user-level settings are needed.
  • When enabling via SMS, all TT User Setup Servers must be able to connect to api.twilio.com over port 443.

To enable two-factor authentication via SMS:

  1. On the Server Admin menu, select System Settings. Select the Password Rules tab.

  2. Select SMS from the Enabled two-factor authentication settings drop-down menu.

    Note: When upgrading to 7.17.40 or higher from 7.17.30 or 7.17.31, if the “Enable two-factor authentication” checkbox was checked, then the drop-down is set to Email after the upgrade. Otherwise, the default setting is None.

  3. You may optionally set the following parameters:
    • Days an application can be trusted: Sets the number of days before X_TRADER, X_RISK, and TT User Setup requests a new authentication code. A value of “0” means the user has to use two-factor for every login (no cookie is stored).
    • Minutes until two-factor authentication code expires: Sets the amount of time a user has to enter a requested authentication code. If this time expires, the user may request a new authentication code from the login dialog.
    • If the user cannot access...phone number or email address: Enter an admin’s contact number or email address.
  4. Select the User Settings tab and click the Two-factor authentication checkbox to enable two-factor authentication for that user.

    Ensure that two-factor authentication via SMS is also enabled for the system.

  5. Enter an SMS Number and click Save.

    In the TT User Setup message that appears, verify that the SMS number is correct. An SMS number is required when two-factor authentication is enabled for the user and the SMS option is enabled for the system.

Enabling Two-Factor Authentication via Email

All TT User Setup servers must have network access to an SMTP server that has access to either the public internet or the domain relevant to any possible email recipients.

Note: TT enables two-factor authentication at the system-level using Server Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET. For those users, you do not need to enable two-factor authentication at the system-level -- only the user-level settings are needed.

To enable two-factor authentication via email:

  1. On the Server Admin menu, select System Settings. Select the Password Rules tab.

  2. Select Email from the Enabled two-factor authentication settings drop-down menu.

    Note: When upgrading to 7.17.40 or higher from 7.17.30 or 7.17.31, if the “Enable two-factor authentication” checkbox was checked, then the drop-down is set to Email after the upgrade. Otherwise, the default setting is None.

  3. You may optionally set the following parameters:
    • Days an application can be trusted: Sets the number of days before X_TRADER, X_RISK, and TT User Setup requests a new authentication code. A value of “0” means the user has to use two-factor for every login (no cookie is stored).
    • Minutes until two-factor authentication code expires: Sets the amount of time a user has to enter a requested authentication code. If this time expires, the user may request a new authentication code from the login dialog.
    • If the user cannot access...phone number or email address: Enter an admin’s contact number or email address.
  4. Select the Outgoing Email Settings tab.

  5. Populate the SMTP server credentials and outgoing email address as shown above.

    Note: If the SMTP server relies on a username/password to log in, you must check the SMTP server requires authentication checkbox and populate the Account name and Password.

  6. Select Send Test Email to verify the email settings.

    Note: You must have an email address configured for this user in order to send the test email.

  7. You must also add a contact email address or phone number that users may use if they have issues receiving an authentication code. This contact information appears on the login dialog.
  8. Click Save and close the System Settings dialog.
  9. In the User Admin menu, select Users and double-click a user row to access the User Settings.
  10. On the User Settings tab, select Contact Information and populate the Email field with the user’s contact email information. Click Save.

    Warning: Entering the incorrect email address in this field prevents the trader from being able to log in.

Enabling Two-Factor Authentication via Both SMS and Email

Notes:

  • TT enables two-factor authentication at the system-level using Server Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET. For those users, you do not need to enable two-factor authentication at the system-level -- only the user-level settings are needed.
  • When enabling via SMS, all TT User Setup Servers must be able to connect to api.twilio.com over port 443.

To enable two-factor authentication via Both SMS and Email:

  1. On the Server Admin menu, select System Settings. Select the Password Rules tab.

  2. Select Both SMS and Email from the Enabled two-factor authentication settings drop-down menu.

    Note: When upgrading to 7.17.60 or higher from 7.17.30 or 7.17.31, if the “Enable two-factor authentication” checkbox was checked, then the drop-down is set to Email after the upgrade. Otherwise, the default setting is None.

  3. You may optionally set the following parameters:
    • Days an application can be trusted: Sets the number of days before X_TRADER, X_RISK, and TT User Setup requests a new authentication code. A value of “0” means the user has to use two-factor for every login (no cookie is stored).
    • Minutes until two-factor authentication code expires: Sets the amount of time a user has to enter a requested authentication code. If this time expires, the user may request a new authentication code from the login dialog.
    • If the user cannot access...phone number or email address: Enter an admin’s contact number or email address.
  4. Select the Outgoing Email Settings tab.

  5. Populate the SMTP server credentials and outgoing email address as shown above.

    Note: If the SMTP server relies on a username/password to log in, you must check the SMTP server requires authentication checkbox and populate the Account name and Password.

  6. Select Send Test Email to verify the email settings.

    Note: You must have an email address configured for this user in order to send the test email.

  7. You must also add a contact email address or phone number that users may use if they have issues receiving an authentication code. This contact information appears on the login dialog.
  8. Click Save and close the System Settings dialog.
  9. In the User Admin menu, select Users and double-click a user row to access the User Settings.
  10. Click the User Settings tab and click the Two-factor authentication dropdown menu to select either SMS or Email.
  11. If you selected Email, click Contact Information and populate the Email field with the user’s contact email information. Click Save.

    Warning: Entering the incorrect email address in this field prevents the user from being able to log in.

  12. If you selected SMS, enter an SMS Number and click Save.

    In the TT User Setup message that appears, verify that the SMS number is correct.

    Warning: Entering the incorrect SMS number in this field prevents the user from being able to log in.

Sending a Test SMS

After adding a text message (SMS) number to the user settings, you can send a test message via System Settings.

To send a test SMS:

  1. On the Server Admin menu, select System Settings. Select the Password Rules tab.

  2. In the Two-factor Authentication section, click Send Test SMS.

    A message indicating that the message has been sent appears. You will receive a test message from Trading Technologies at the SMS number provided in the user settings.

Switching Authentication Modes

After enabling two-factor authentication in your environment or having it enabled prior to a TT User Setup upgrade (e.g., from 7.17.30 to 7.17.60), the system allows you to switch between the different authentication modes. When switching to SMS or Email mode, the system checks for user-level authentication settings that may conflict with the modified system setting.

Note: If you receive a warning message about a user authentication mode conflict (e.g., a user is set for SMS and you are switching the system to Email), you will have to correct the user setting before switching the mode at the system level.

Because users with two-factor authentication set to Email have an email address and users set to SMS have an SMS number, the system does not need to verify the user’s email address or SMS number before switching authentication modes.

To switch authentication modes:

  1. If switching to SMS from None, Email, or Both SMS and Email, refer to Enabling Two-Factor Authentication via SMS.
  2. If switching to Email from None, SMS, or Both SMS and Email, refer to Enabling Two-Factor Authentication via Email.
  3. If switching to Both SMS and Email from None, SMS, or Email, refer to Enabling Two-Factor Authentication via Both SMS and Email.
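
Before switching modes, the user-level settings can be audited offline so that the conflict warning described above does not come as a surprise. The script below is an added example, not TT code: it applies the two rules this page states (a user's method must match a system mode of SMS or Email, and each enabled user needs the contact detail for their method) to a user list. The CSV layout and column names are hypothetical, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample. The column names are hypothetical; the page does not
# describe an export format for TT User Setup.
SAMPLE_USERS = """\
username,two_factor,email,sms_number
jdoe,SMS,jdoe@example.com,+13125550100
asmith,Email,,+13125550101
bchan,Email,bchan@example.com,
mlee,None,,
kpatel,SMS,kpatel@example.com,
"""

SYSTEM_MODES = ("None", "SMS", "Email", "Both SMS and Email")


def audit(users_csv, target_mode):
    """Return (username, issue) pairs to fix before switching to target_mode."""
    if target_mode not in SYSTEM_MODES:
        raise ValueError(f"unknown system mode: {target_mode!r}")
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        user, method = row["username"], row["two_factor"].strip()
        if method == "None":
            continue  # two-factor authentication is off for this user
        # The page describes the conflict check for switches to SMS or Email.
        if target_mode in ("SMS", "Email") and method != target_mode:
            findings.append((user, "mode-conflict"))
        # Each method needs its own contact detail on the user record.
        if method == "Email" and not row["email"].strip():
            findings.append((user, "missing-email"))
        if method == "SMS" and not row["sms_number"].strip():
            findings.append((user, "missing-sms"))
    return findings


if __name__ == "__main__":
    for mode in ("Email", "Both SMS and Email"):
        print(mode, audit(SAMPLE_USERS, mode))
```

A non-empty field only shows that a value is present; it cannot tell whether the address or number is the right one, which is the case the warnings in the procedures above are about.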