How to enforce 2 Factor Authentication on user login?
Enforce 2fa on User login
Under Setting > General > Two-factor authentication > enable force 2fa.
Step 2. You have the option to activate mandatory Two-Factor Authentication (2FA) selectively for particular user groups based on specific requirements.
Under Users > User Groups > Select the user group > enable force 2fa
- You can also enable the different 2-factor mechanisms that will be available for the gateway user for setup.
- Relogin, into the WebGUI, and the user will be prompted to set up the 2-factor method if he hasn't set up any. Set up any 2fa method of your choice from here.
- To configure additional Two-Factor Authentication (2FA) methods, access the WebGUI after logging in and proceed to set up multiple 2FA methods accordingly.
The 2-factor mechanism used for the last login into the WebGUI would be the 2fa method in use in the backend. To change, the 2fa method in use in the backend, log into the WebGUI using the new 2fa method so that it becomes the default 2fa method for the backend.
- We have set up Google 2fa and Access Keyword successfully and will be prompted for it. In the example below, we are using Google 2fa to log in, and hence the same would be prompted in the backend shell as well.
- The backend would look as follows.
- Configure Duo 2fa in JumpServer
- Configure Yubikey 2fa in the JumpServer
- How to enable Access Keyword 2fa
- How to enable Google 2fa in JumpServer
- How to configure Radius 2fa in JumpServer