Category: Development

Authenticator App Support

Two-Factor Authentication (sometimes referred to as 2FA) is a more secure method of logging into websites or online services.

Traditionally, when you “log in” to a website or online service, you enter your username (typically your email address) and password. Then you click a button, and if the details you enter are valid, you’re logged in.

Unfortunately, many people reuse the same credentials (username / password combination) again and again for multiple websites and online services. The danger of this is that if one of those services gets “hacked” or suffers a data breach where user credentials are exposed, an attacker could potentially then access all other websites and online services that that person uses.

Two-factor authentication combats this. It does so by employing a secondary means of authentication in addition to the traditional username / password combination in order to authenticate a user’s access.

This means that even if a user’s password has been compromised, an attacker couldn’t then use this alone to gain access to someone’s account.

Two Factor Authentication in MIDAS

Since 2015, all MIDAS room booking systems have included optional two-factor authentication. If enabled, this adds an additional layer of account security to our software.

With Two-Factor Authentication enabled, each time a user logs in, a code is sent to their email inbox. The user must then enter this code into MIDAS in order to complete their login.

But starting with MIDAS v4.38, we’re improving 2FA options and support in our software!

MIDAS v4.38 (and later) now supports authenticator apps – including Google Authenticator and Microsoft Authenticator – as an alternative 2FA login option to email.

Per User Two Factor Authentication Settings

Previously, the 2FA option in MIDAS was a ‘global’ setting. This meant that it could be enabled or disabled for all user accounts at once. It was not possible to have ‘per account’ 2FA settings.

We’ve made this more flexible for MIDAS v4.38!

Now, administrators can set whether 2FA is enabled for each individual user account. The 2FA option for each account can also be set.

Available 2FA options are now:

  • Authenticator App
  • Email

Enabling 2FA Authenticator App Globally in MIDAS

To globally turn on 2FA for all users, administrators can go to MIDAS Admin Options > Manage MIDAS > Security. In the “Two Factor Authentication (2FA)” section, tick the “Enable Two-Factor Authentication For All Users?” box, and then select the “Authenticator App” option:

Global Two-Factor Authentication Options – now includes authenticator apps

Click “Save Changes” and 2FA via Authenticator Apps will be enabled for all user accounts.

Enabling 2FA Authenticator App For Individual User Accounts

2FA options are also available on a per-user account basis. Administrators can enable, disable, or change the 2FA method on a user account by going to MIDAS Admin Options > Manage Users & Permissions.

Select the user account you wish to enable 2FA for, and choose “Authenticator App” from the “2FA Login” setting:

New per-user Two-Factor Authentication Options

Then click “Save Changes”.

How 2FA via an Authenticator App Works

When 2FA via authenticator apps has been enabled on a user’s account, the next time they log in, they’ll be presented with a QR Code to scan with their authenticator app:

Setting up your authenticator app upon first login

If they’re unable to scan the QR Code, a ‘secret key’ is also provided which can be manually entered into authenticator apps.

The user’s authenticator app will then generate a 6 digit code which they can enter into MIDAS to complete their login.

The QR Code / Secret Key needs only to be scanned/entered into the user’s authenticator app once upon first use. For subsequent logins, the user will simply need to enter the 6 digit code generated by their authenticator app:

Entering an OTP generated by your authenticator app to complete login

Supported Authenticator Apps

Popular FREE authenticator apps supported by MIDAS include:

However, any OTP authenticator app which generates Time-based One-Time Passwords (TOTP) derived from a shared secret value and the current time should be compatible. TOTP codes are typically six digits long and change every 30 seconds.

Resetting 2FA

If a user loses their authenticator app, an administrative user in a MIDAS system can change the user’s 2FA method, or reset their authenticator token. By resetting a user’s authenticator token, the next time the user logs in, they’ll be presented with a brand new QR Code/Secret Key to enter into their authenticator app.

Availability

2FA login authentication has been available since MIDAS v4.10 (2015). However, that implementation was limited to authentication codes sent to users via email, and 2FA could only be enabled globally (for all user accounts).

2FA login authentication via either email or authenticator apps is available in MIDAS v4.38 or later. These options can be enabled globally, or on a per user account basis.


Include Date Notes on booking print outs

The “Date Notes” feature allows you to attach notes to a single date, or a range of dates within your booking system.

Add notes to calendar dates

These notes are then shown to all users who navigate to that date (or to a date within that range).

This can be used to remind other users of special dates, when you’re closed for public holidays, or other activities or notable events to be aware of on certain dates.

Dates with notes associated with them are also indicated on the Booking Availability screen where they can be quickly viewed before new bookings are added.

MIDAS v4.37 introduces a new setting which now also allows you to include date notes on your booking print outs.

This new setting may be found under MIDAS Admin Options → Manage MIDAS → Print → Include Date Notes on printouts.


Updates to our “Reviews” addon

This week we’ve released an update to the optional “Reviews” addon for MIDAS.

If you’re not familiar with this addon, it allows your business to automatically collect feedback, reviews, and ratings on independent review sites from the customers who hire and book your facilities.

How the Reviews addon works

The “Reviews” addon works by automatically notifying an independent review collection platform after a client’s booking has taken place at your facilities. The review platform then in turn sends out an invitation by email to your client asking them to leave a review or rating of their experience with your business on their website.

Supported Review Platforms

When our addon was first released in 2020, it supported integration with four independent review platforms. This was further increased to five review platforms in 2022.

As our Reviews addon integrates with independent, third party review and rating services, our addon is reliant on these services remaining active.

Latest updates to our Reviews addon

Psydro is now defunct

Recently, the “Psydro” review platform appears to have closed. Its main website has been timing out and returning errors for a while now. Whilst there’s been no official statement from Psydro, given their website had been inaccessible for some time, we believe this platform is now dead. Consequently, we have now dropped support for Psydro.

collect-reviews.com is now defunct

There’s also something strange going on with the “collect-reviews” website. Recently, its content has changed to a Thai gambling site. Again, there’s been no official statement from the collect-reviews team. It is therefore not known if they’ve sold their domain, or if it’s been hacked. Either way, it’s clear that right now their website is not the review platform it was previously. Consequently, we have now also dropped support for “collect-reviews”.

TrustSpot rebrands to RaveCapture

Finally, “TrustSpot” has recently rebranded to become “RaveCapture”. TrustSpot was one of the review platforms our addon supported from the outset. According to the TrustSpot/RaveCapture team, other than a name and logo change, nothing else has changed. The platform’s functionality remains the same. We’ve therefore updated the name and logo in our Reviews addon to reflect this rebrand.

In addition to RaveCapture/TrustSpot, our addon continues to support the Reviews.io and TrustPilot platforms too!

How to get the Reviews addon

If you’d like to get reviews from users of your facilities on popular review sites like TrustPilot, then the Reviews addon for MIDAS is for you!

This optional addon is available for both cloud hosted and self hosted MIDAS booking systems.

To add this addon to your existing MIDAS system, simply go to mid.as/upgrade.

If you’re not yet using MIDAS to handle your bookings and scheduling, you can get MIDAS today with the Reviews addon.


Better support for “shared” email addresses

One of the great features of our software is that it can allow visitors to your website to check room availability. They can then make an online booking (or booking request) for use of your facilities.

This can be done without requiring a login or a user account. When making a “public” booking/request, the person simply needs to enter their details. This will typically include their name and contact email address.

When a public web booking/request is made, MIDAS checks the email address that’s been entered against its existing client database.

If a single matching client with the same email address already exists in the client database, MIDAS will associate the booking/request with that existing client.

This negates the need for a person to have to re-enter all their information (i.e. address, phone number, etc) each time they make a web booking or request.

MIDAS can also be configured to allow a person to update their information each time they make a web booking or request, if you so desire.

Multiple clients with the same email address

But what if there is more than one existing client in the database with the same email address as the person making the web booking / request?

In these instances, MIDAS will not only compare the email address given, but also the client and organization names provided.

If there is a single exact match based on this additional information, MIDAS will associate the booking/request with the one matching client.

Again, MIDAS can be configured to update the existing client record at time of web booking / request with new details supplied by the individual.

The problem

There is however an “edge case” where the above options don’t quite go far enough.

Take for example an individual who uses their personal email address to make web bookings or requests for multiple different organizations they’re associated with.

That’s no problem if there are existing client records for the client for each of their organizations. But it becomes an issue if this is a brand new client, or a client with just a single existing client record under one of their organizations.

Here’s an example to illustrate:

Let’s say Jeff is associated with two organizations – let’s call them “A” and “B”.

Let’s also assume that Jeff is a brand new client. There is therefore currently no client record with the same email address existing in your MIDAS system.

Jeff makes a booking request using his personal email address on behalf of organization “A”. A new client record is created for Jeff using this information.

A short while later, Jeff makes another booking request. He uses his personal email address again, but this time he’d like to make a request for organization “B”.

When Jeff makes his second request, MIDAS will see that there is already a single client in its database matching Jeff’s email address. At this point one of two things will happen, based on whether the “Allow client record updates” setting has been enabled in MIDAS.

If the “Allow client record updates” option is disabled, MIDAS will reuse Jeff’s original details (i.e. organization “A”). This will result in both his booking requests being for organization A.

If the “Allow client record updates” option is enabled, MIDAS will update Jeff’s original details (i.e. to become organization “B”). This will result in both his booking requests being for organization B.

…but that’s not what we want! We want his first request to be for organization A, and his second for organization B.

The solution

Instances of someone making web bookings / requests on behalf of different organizations but using the same email address are uncommon. But we still wanted to better accommodate this scenario.

So for MIDAS v4.37 we’ve introduced a new “Account for multiple clients/organizations sharing the same email address” setting.

NEW: “Account for multiple clients/organizations sharing the same email address” setting

Enabling this setting will automatically create additional client records for each client/organization variant using the same email address.

The result – in our illustrative example above – would be that Jeff can make booking requests for either organization A or B (or even a future organization C) using his personal email address without issue.
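The matching rules described in this post, modelled as an added sketch that is not MIDAS’s own code, and run against the Jeff example under each combination of settings. The record fields, the function and parameter names, and the behaviour when several records share an email but none matches exactly (a new record is created) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Client:
    name: str
    org: str
    email: str

def resolve_client(db, name, org, email, allow_updates=False, account_for_shared=False):
    """Return the client record a public web booking/request is associated with."""
    same_email = [c for c in db if c.email == email]
    exact = [c for c in same_email if (c.name, c.org) == (name, org)]
    if len(exact) == 1:
        # Email, client name and organization all match one record: reuse it.
        return exact[0]
    if len(same_email) == 1 and not account_for_shared:
        # Pre-v4.37 behaviour: a single email match wins even if the
        # organization differs; optionally overwrite it with the new details.
        client = same_email[0]
        if allow_updates:
            client.name, client.org = name, org
        return client
    # No match, or the v4.37 setting is on and this is a new
    # name/organization variant: create a separate client record.
    client = Client(name, org, email)
    db.append(client)
    return client

def jeff_scenario(**settings):
    """Jeff requests for organization A, then B, with one email address
    (constructed sample data). Returns the organization each booking ends up under."""
    db = []
    first = resolve_client(db, "Jeff", "A", "jeff@example.com", **settings)
    second = resolve_client(db, "Jeff", "B", "jeff@example.com", **settings)
    return [first.org, second.org]
```

`jeff_scenario()` gives `['A', 'A']`, `jeff_scenario(allow_updates=True)` gives `['B', 'B']`, and `jeff_scenario(account_for_shared=True)` gives `['A', 'B']`.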