![]() ![]() The end-user logs in with username and password, and initializes the Setup of 2 factor auth via the User Options button, scans the QR code, and hits the Confirm button. In User Manager the user doesn't have the "Two factor OTP/SMS authentication" option enabled Next time won't get an email, and at the token popup enters the 6-digit code generated by Google Authenticator. A popup will be prompted asking for the email-based token, then the user is allowed to log in and initialize the Setup of 2 factor auth via the User Options button. The end-user enters its username and password on the login page. In User Manager the "Two factor OTP/SMS authentication" option is enabled by the admin. The option of "Google Authenticator Auto Enable" on Preferences -> General Settings -> OTP section is left in disabled state. In the background, CrushFTP writes the Two factor authentication Secret to the user account and takes care of enabling the "Two factor OTP/SMS authentication" option for the user. The end-user logs in with username and password, and initializes the "Setup of 2 factor auth" via the User Options button, scans the QR code, and hits the Confirm button. In User Manager the "Two factor OTP/SMS authentication" option is disabled. The option of "Google Authenticator Auto Enable" on Preferences -> General Settings -> OTP section is enabled (B on the first screenshot). This is the easiest method for the admin. Also, the server needs to have a working SMTP relay configured on Preferences -> General Settings -> SMTP section.ġ. for the 2nd option the user account has to be configured with an email address. on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled (A on the first screenshot) This can be enabled on the "default" template account or on the group template account so all other users will inherit the setting from the template user. in the User Manager -> user -> Webinterface -> Available customizations section the "Enable two factor registration" is set to True. a working Google Authenticator app on a mobile device Possible scenarios regarding the cooperation of admin and the end-user: # Once a secret key has been saved from the QR code, and confirmed, it can only be reset by a server administrator. WARNING: the QR code is valid for one minute, if the time window is missed you will need to generate new, or it will not save. Then save the user settings by clicking the Confirm button in the UI. ![]() Then open Authenticator on the mobile device, set up a new account, choose to scan barcode, point the device towards the screen, and read in the QR code. The user will need to log in normally, generate the QR code from the client UI User Options menu. The second step is to configure the user account with Two Factor AuthenticationĪnd enable the two factor QR code generator which will appear in the user's User Options menu when they are logged in. The user needs to be able to log in at least once, without OTP, or with the other OTP settings. You will need to enable one of our OTP methods, using SMS or Mail based OTP, and enable the Validated logins checkbox. The user can register a QR code into Google Authenticator or Microsoft Authenticator app. In CrushFTP version 10 we can integrate our One Time Password ( OTP) based authentication feature with Google's and Microsoft's software-based token device Google Authenticator and Microsoft Authenticator, using Time based OTP (TOTP). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |