Difference between revisions of "AppSuite:Multifactor"

(Created page with " = Multifactor Authentication (since 7.10.2) = Appsuite version 7.10.2 provides methods for users to require secondary, additional methods of authentication before creating a...")
 
 
(3 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
= Multifactor Authentication (since 7.10.2) =
 
= Multifactor Authentication (since 7.10.2) =
  
Appsuite version 7.10.2 provides methods for users to require secondary, additional methods of authentication before creating a valid Appsuite session.  These methods may include SMS messages, Time based authenticator methods, U2F compatible devices/keyfobs, and other custom methods.
+
This documentation has been moved.
  
== Enabling Multifactor ==
+
For 7.10.2
  
No additional packages are required for the core of multifactor authentication, although for some methods (such as SMS), additional packages will be required.
+
https://documentation.open-xchange.com/7.10.2/middleware/security_and_encryption/multifactor_authentication.html
  
With SMS, for example, you must also install a provider, such as open-xchange-sms-sipgate
 
  
Then, multifactor must be enabled as a capability. This can be done in the multifactor.properties file, or as a cascade value
+
For 7.10.3
  
com.openexchange.capability.multifactor=true
+
https://documentation.open-xchange.com/7.10.3/middleware/security_and_encryption/multifactor_authentication.html
 
 
== Enabling SMS ==
 
 
 
First, the SMS provider must be installed and configured.  Most will require a configured username and password, or AUTH_TOKEN.  Install the needed package and configure
 
 
 
At that point, you should enable SMS in the multifactor.properties file
 
 
 
com.openexchange.multifactor.sms.available=true
 
 
 
The following properties are also available
 
 
 
* com.openexchange.multifactor.sms.tokenLength  (default is 8 characters)
 
* com.openexchange.multifactor.sms.tokenLifetime (Number of minutes until challenge expires)
 
* com.openexchange.multifactor.maxTokenAmount (Maximum number of challenges before locked out)
 
 
 
== Enabling TOTP ==
 
 
 
TOTP is Time-based One Time Password.  This works with several apps available in mobile stores, such as Google Authenticator.
 
 
 
To enable, just set in the multifactor.properties file
 
 
 
com.openexchange.multifactor.totp.available=true
 
 
 
== Enabling Backup String ==
 
 
 
This is a method to allow a user to log into their account if they lose their primary multifactor authentication device (say losing their phone or U2F token).  It is a long string that they can copy, download, or print to use to unlock the account in the event of loss
 
 
 
To enable, set in the multifactor.properties file
 
 
 
com.openexchange.multifactor.backupString.available=true
 
 
 
== Enabling U2F ==
 
 
 
U2F is supported in Google Chrome, as well as Firefox (though requires user changing advanced settings). 
 
 
 
In multifactor.properties, enable U2F
 
 
 
com.openexchange.multifactor.U2F.available=true
 
 
 
Then, the domain that the user will be using must be specified.  This will be used with the requests to the U2F device, and must mach the website.  This configuration is config-cascade aware
 
 
 
com.openexchange.multifactor.U2F.appId=https://yourdomain
 
 
 
 
 
== Login Page ==
 
 
 
By default, the UI will change from the login page, draw the customized toolbar, then display a prompt for the multifactor authentication.
 
 
 
If you would prefer to have your login screen, or a different second factor screen used as the background, then you can configure in the config.yml
 
 
 
For example:
 
 
 
default:
 
    host: all
 
    signinTheme: default
 
    multifactorBackdround: pages/secondFactor
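
Review bot: The added lines under "This documentation has been moved." link only to the 7.10.2 and 7.10.3 documentation, while the heading kept above them still reads "since 7.10.2". A reader on any other release gets no pointer, and the page no longer states what the feature needs in order to be active. Suggest adding one sentence saying which link applies to later versions, and keeping a short summary of the settings the old text covered, in particular the "com.openexchange.capability.multifactor=true" capability switch and the requirement that "com.openexchange.multifactor.U2F.appId" match the website. The removed text also wrote the config.yml key as "multifactorBackdround" and the U2F sentence as "must mach the website"; confirm that the relocated documentation carries the intended spelling of both before this text is dropped.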
 

Latest revision as of 14:10, 11 May 2020