Enabling Two-factor Authentication

TT User Setup Documentation

Getting Started
- What's New in TT User Setup?
- Upgrade Considerations
- X_TRADER® ASP Overview
- Using the Control Panel
- Introduction to TT User Setup
- Logging Into TT User Setup
- Two-Factor Authentication
- Using the Menu Options
- Data Grid Functionality
- Guides and Additional Materials
User Administration Basics
- User Administration Basics
- NewUser and Edit User Window Fields
- Copying Users
User Administration: Administrative Users
- Creating and Editing Administrative Users
- Creating a Super Administrator
- Creating a Broker Administrator - X_TRADER ASP
- Allowing Buy-side Administrators to Manage Product Limits (X_TRADER ASP)
- Creating a Group Administrator (non-X_TRADER ASP only)
- Creating a Gateway Login Administrator (non-X_TRADER ASP only)
- Creating a Password Administrator (non-X_TRADER ASP only)
- Creating a View Only User
- Creating a Collect Log Files Only User
- Configuring the Outgoing Email Settings
User Administration: X TRADER® Or X RISK® Users
- Creating and Editing X_TRADER or X_RISK Users
- Applying Basic User Properties
- Customizing Billing Data for a User - X_TRADER ASP only
- Configuring User Risk Settings for a User
- Setting Application Permissions
- SettingTrade Permissions
- Creating and Managing X_TRADER Customer Defaults
- Customer Defaults and Algo Defaults MiFID II
- Allowingor Blocking Product Groups for Specific Markets
- Applying X_RISK Permissions
- Creating a New Gateway Login through the Users Window
- Generating a Gateway Login for all Gateways
- Assigning Gateway Logins to a User Through the Users Window
- Setting Account Permissions
User Administration: FIX Adapter
- TT FIX Adapter and TT User Setup Overview
- Setting Up a TT FIX Adapter Server (non-X_TRADER ASP)
- SettingUp a FIX Adapter Client User
- Setting Up an AccountDefault
- FIX Adapter Account Defaults MiFID II
- Assigning TT FIX Adapter Client(s) to a FIX Adapter Server
- Allowing or Blocking Product Groups for a FIX Adapter User
User Maintenance
- How to Maintain Users
- Unlocking Users and Resetting Passwords
- Auto Generating and Emailing a User's Password
- Forcing a User Logoff
- Activating and Deactivating Users
- Configuring and Running Diagnostic Checks
- Updating the Supported Product Groups List
Gateway Login Administration Basics
- Gateway Logins Overview
- Assign to Available Users Window Field Descriptions
- Gateway Login Window Field Descriptions
- Customizing the Gateway Logins Window
Creating Gateway Logins
- Creating a New Gateway Login
- Assigning the MemberGroupTrader ID
- Disabling Start-of-Day Records
- Assigning Gateways to Gateway Logins
- Mapping a TTORD to an Exchange Trader
- Adding Gateways to Existing TTORDs
- Assigning Accounts
- Configuring Risk
- AssigningUsers to a Gateway Login
- Editing a User's Gateway Login Attributes
- Assigning Gateways to Multiple Gateway Logins
Account Group Administration
- Account Group Administration Overview
- Creating Account Groups
- Assigning Accounts to an Account Group
Account Administration
- Account Administration Overview
- Creating Accounts
- Assigning One or More Accounts to an Account Group
Order Passing Group Administration (X_TRADER ASP)
- Order Passing Group Administration Overview
- Creating Order Passing Groups
- Assigning Users to an Order Passing Group
Gateway Login Risk Administration
- Risk and Administration Overview
- Product Limits Overview
- Configuring Gateway Login Risk
- Creating Product Limits for Gateway Logins
- Copying Product Limits to Additional Gateways or Gateway Logins
Account And Account Group Risk Administration
- Adding Account-Level Risk Checking
- Adding Account Group-Level Risk Checking
- Creating Product Limits for Accounts and Account Groups
- Enabling Duplicate Order Check for Accounts and Account Groups
- Creating Contract Level Overrides
- Contract Limits Overview
- Creating Margin Limits for Accounts and Account Groups
- Applying Account-BasedRisk to Wholesale Trades
- Configuring Wholesale Order Overrides
- Copying Product Limits to Additional Accounts or Account Groups
- Copying Account-Based Product Limits to Additional Gateways
- Copying MGT-based Product Limits to Account-Based Product Limits
User Level Risk Checking
- Adding User-Level Risk Checking
- Setting Pre-Trade Price Controls
- Setting Order Throughput Controls
User Group Administration
- User Group Administration Overview
- Creating User Groups
- Creating User Groups for Order Passing
- Assigning Users to a User Group
- Assigning User Groups to Gateway Logins
- Assigning User Groups to an Account
Publishing To Guardian
- Publishing to Guardian in a non-X_TRADER ASP environment
- Displaying Detailed Differences
- Understanding Publish Warnings
Server Administration
- Disabling Trading for a Trading Environment
- Collecting Log Files
- Using Version Control Rules
- Resetting the Guardian Exchange Tree (non-X_TRADER ASP only)
- Editing the Currency Exchange Rates
- Adding and Deleting Currencies
- Editing Product Margins
- Viewing and Clearing Product Margin Conflicts
- Viewing and Publishing Licenses
- Migrating Users to a New Gateway
- Understanding Server Messages
- System Settings
- Enabling Two-factor Authentication
Reports
- Displaying and Exporting Reports
- Tracking the TT Product Version Number
- Using Audit Trail to Track Database Updates
- Displaying Logged in Users
- Viewing Server Messages
- Displaying Running Servers
- Viewing Server Status
- Generating an ICE Product Groups Report
Tutorials
- How to Setup a New User Who Will Trade Using a TTORD Gateway Login
- How to Map an Additional Gateway Login to an Existing TTORD User
- How to Set Up an Administrator Who Uses Both X_RISK and TT User Setup
- How to Set Up a Third-party Risk Administrator
- How to Create a New User by Copying an Existing User
- How to Assign Existing Product Limits to Other Gateway Login IDs Simultaneously
- How to Change Multiple Product Limit Values Simultaneously
- How to Set Up Customer Defaults
- How to Update Customer Defaults Across Multiple Users Simultaneously
- How to Change the Message Users Receive When Their Logins Fail
- How to Use Wildcard Characters in Filters
- How to Set Up a Tiered Administrator
- How to Set Up a Drop Copy TT FIX Adapter Server and Corresponding FIX Adapter Clients
- How to Set Up an Order Routing TT FIX Adapter Server and Corresponding FIX Adapter Clients
- How to Set up a User for Autospreader SE or Synthetic SE
- Creating TT SIM Credit Limits and Product Limits
Appendix
- Field Descriptions
- Context Menus
- Shortcut Keys
- TT User Setup Feature and TT Product Compatibility

You are viewing TT User Setup Version 7.17 and higher. For earlier versions, click here

TT User Setup 7.17.40 and higher supports two-factor authentication via text message (SMS) and email, and 7.17.60 supports both authentication modes in the same environment.

In addition to a user password, two-factor authentication allows the administrator to require traders to provide an authentication code in order to login to X_TRADER, X_RISK, and TT User Setup. For SMS, the authentication code is sent to the trader via the SMS number configured in User Settings in TT User Setup.

Notes:

In X_TRADER ASP, two-factor authentication is required for a buy-side user when any one of the brokers to which the trader is connected configures the user for two-factor authentication.
For X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET, two-factor authentication via SMS and/or email is supported. Both authentication methods can be enabled in the same user environment via a system-level setting, but each user can only have one method enabled at a time (either SMS or email) via a user-level setting.
X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET can request a more or less restrictive Days an application can be trusted setting. By default, passwords expire every 90 days and after 5 days users that are required to use two-factor authentication must re-authenticate. To request a different default for your firm, please contact TT Support.

For two-factor authentication to work correctly:

The system must be enabled for two-factor authentication by selecting one of the following system settings:
- SMS
- Email
- Both SMS and Email
All TT User Setup Servers must be able to connect to api.twilio.com over port 443 (SMS option).
All TT User Setup servers must have network access to an SMTP server that has access to either the public internet of the domain relevant to any possible email recipients (email option).
Individual users must be enabled for two-factor authentication. If the user is set to Email two-factor authentication, an email address must be configured. If the user is set to SMS two-factor authentication, an SMS number must be configured. In X_TRADER ASP the user's email address and SMS number are entered by the Buy-side company admin.

Enabling Two-Factor Authentication via SMS

Notes:

TT enables two-factor authentication at the system-level using Server Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET. For those users, you do not need to enable two-factor authentication at the system-level -- only the user-level settings are needed.
When enabling via SMS, all TT User Setup Servers must be able to connect to api.twilio.com over port 443.

To enable two-factor authentication via SMS:

On the Server Admin menu, select System Settings. Select the Password Rules tab.
Select SMS from the Enabled two-factor authentication settings drop-down menu.
Note: When upgrading to 7.17.40 or higher from 7.17.30 or 7.17.31, if the “Enable two-factor authentication” checkbox was checked, then the drop-down is set to Email after the upgrade. Otherwise, the default setting is None.
You may optionally set the following parameters:
- Days an application can be trusted: Sets the number of days before X_TRADER, X_RISK, and TT User Setup requests a new authentication code. A value of “0” means the user has to use two-factor for every login (no cookie is stored).
- Minutes until two-factor authentication code expires: Sets the amount of time a user has to enter a requested authentication code. If this time expires, the user may request a new authentication code from the login dialog
- If the user cannot access...phone number or email address: Enter an admin’s contact number or email address.
Select the User Settings tab and click the Two-factor authentication checkbox to enable two-factor authentication for that user.
Ensure that two-factor authentication via SMS is also enabled for the system.
Enter an SMS Number and click Save.
In the TT User Setup message that appears, verify that the SMS number is correct. An SMS number is required when two-factor authentication is enabled for the user and the SMS option is enabled for the system.

Enabling Two-Factor Authentication via Email

All TT User Setup servers must have network access to an SMTP server that has access to either the public internet or the domain relevant to any possible email recipients.

Note: TT enables two-factor authentication at the system-level using Server Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET. For those users, you do not need to enable two-factor authentication at the system-level -- only the user-level settings are needed.

To enable two-factor authentication via email:

On the Server Admin menu, select System Settings. Select the Password Rules tab.
Select Email from the Enabled two-factor authentication settings drop-down menu.
Note: When upgrading to 7.17.40 or higher from 7.17.30 or 7.17.31, if the “Enable two-factor authentication” checkbox was checked, then the drop-down is set to Email after the upgrade. Otherwise, the default setting is None.
You may optionally set the following parameters:
- Days an application can be trusted: Sets the number of days before X_TRADER, X_RISK, and TT User Setup requests a new authentication code. A value of “0” means the user has to use two-factor for every login (no cookie is stored).
- Minutes until two-factor authentication code expires: Sets the amount of time a user has to enter a requested authentication code. If this time expires, the user may request a new authentication code from the login dialog
- If the user cannot access...phone number or email address: Enter an admin’s contact number or email address.
Select the Outgoing Email Settings tab.
Populate the SMTP server credentials and outgoing email address as shown above.
Note: If the SMTP server relies on a username/password to login, you must check the SMTP server requires authentication checkbox and populate the Account name and Password.
Select Send Test Email to verify the email settings.
Note: You must have an email address configured for this user in order to send the test email.
You must also add a contact email address or phone number that users may use if they have issues receiving an authentication code. This contact information appears on the login dialog.
Click Save and close the System Settings dialog.
In the User Admin menu, select Users and double-click a user row to access the User Settings.
On the User Settings tab, select Contact Information and populate the Email field with the user’s contact email information. Click Save.
Warning: Entering the incorrect email address in this field prevents the trader from being able to login.

Enabling Two-Factor Authentication via Both SMS and Email

Notes:

TT enables two-factor authentication at the system-level using Server Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET. For those users, you do not need to enable two-factor authentication at the system-level -- only the user-level settings are needed.
When enabling via SMS, all TT User Setup Servers must be able to connect to api.twilio.com over port 443.

To enable two-factor authentication via Both SMS and Email:

On the Server Admin menu, select System Settings. Select the Password Rules tab.
Select Both SMS and Email from the Enabled two-factor authentication settings drop-down menu.
Note: When upgrading to 7.17.60 or higher from 7.17.30 or 7.17.31, if the “Enable two-factor authentication” checkbox was checked, then the drop-down is set to Email after the upgrade. Otherwise, the default setting is None.
You may optionally set the following parameters:
- Days an application can be trusted: Sets the number of days before X_TRADER, X_RISK, and TT User Setup requests a new authentication code. A value of “0” means the user has to use two-factor for every login (no cookie is stored).
- Minutes until two-factor authentication code expires: Sets the amount of time a user has to enter a requested authentication code. If this time expires, the user may request a new authentication code from the login dialog
- If the user cannot access...phone number or email address: Enter an admin’s contact number or email address.
Select the Outgoing Email Settings tab.
Populate the SMTP server credentials and outgoing email address as shown above.
Note: If the SMTP server relies on a username/password to login, you must check the SMTP server requires authentication checkbox and populate the Account name and Password.
Select Send Test Email to verify the email settings.
Note: You must have an email address configured for this user in order to send the test email.
You must also add a contact email address or phone number that users may use if they have issues receiving an authentication code. This contact information appears on the login dialog.
Click Save and close the System Settings dialog.
In the User Admin menu, select Users and double-click a user row to access the User Settings.
Click the User Settings tab and click the Two-factor authentication dropdown menu to select either SMS or Email.
If you selected Email, click Contact Information and populate the Email field with the user’s contact email information. Click Save.
Warning: Entering the incorrect email address in this field prevents the user from being able to login.
If you selected SMS, enter an SMS Number and click Save.
In the TT User Setup message that appears, verify that the SMS number is correct.

Warning: Entering the incorrect SMS number in this field prevents the user from being able to login.

Sending a Test SMS

After adding a text message (SMS) number to the user settings, you can send a test message via System Settings.

To send a test SMS:

On the Server Admin menu, select System Settings. Select the Password Rules tab.
In the Two-factor Authentication section, click Send Test SMS.
A message indicating that the message has been sent appears. You will receive a test message from Trading Technologies at the SMS number provided in the user settings.

Switching Authentication Modes

After enabling two-factor authentication in your environment or having it enabled prior to a TT User Setup upgrade (e.g., from 7.17.30 to 7.17.60), the system allows you to switch between the different authentication modes. When switching to SMS or Email mode, the system checks for user-level authentication settings that may conflict with the modified system setting.

Note: If you receive a warning message about a user authentication mode conflict (e.g., a user is set for SMS and you are switching the system to Email), you will have to correct the user setting before switching the mode at the system level.

Because users with two-factor authentication set to Email have an email address and users set to SMS have an SMS number, the system does not need to verify the user’s email address or SMS number before switching authentication modes.

To switch authentication modes:

If switching to SMS from None, Email, or Both SMS and Email, refer to Enabling Two-Factor Authentication via SMS.
If switching to Email from None, SMS, or Both SMS and Email, refer to Enabling Two-Factor Authentication via Email .
If switching to Both SMS and Email from None, SMS, or Email, refer to Enabling Two-Factor Authentication via Both SMS and Email.