Two factor authentication
Two Factor Authentication
- Enable Google Authenticator Enable it so that Google Authenticator 2fa is available as an option for the users globally.
Google Authenticator Setup Google two factor authentication.
Once this is setup, user would be prompted to enter the codes to login. In the event of loosing your phone, this would have to be reset by another user with admin privileges via web interface.
- Enable Yubikey Enable it so that Yubikey 2fa is available as an option for the users globally.
Yubikey Setup the Yubico Client ID,Yubico Secret Key and New Yubikey. User is ready to authenticate with hardware device token.
- Enable Duo Enable it so that DUO 2fa is available as an option for the users globally.
- Duo Security Setup the DUO Integration key, DUO Secrete Key and DUO API host name. Then user is ready to authenticate with DUO Security.
- Enable Access Keyword Enable it so that Access Keyword 2fa is available globally as a 2 Factor option.
Access Keyword: Setup Access keywords.
Once this is setup,the user would be prompted to enter the characters based on their position in the Access Keyword string.
Note that unlike the web interface, the backend shell/ezsh would use the last successful 2FA mechanism that was used in webpanel. So if the backend 2FA mechanism needs to be changed then the user has to login via webpanel and use the prefferred 2FA method of choice.
- Force Two factor authentication(2FA): Enabling this is recommended for better security. The login page would display all the 2FA mechanisms that has been configured by the user and can choose any method to authenticate.
- Allow reuse of Google Authenticator code Enable this so that the same Google Authenticator codes could be used for authenticating in both the web interface and backend shell till the code expires.
- Yubico Client ID Get Yubico API Key Use your Yubikey device for generating these. An example client id would be 12780
- Yubico Secret Key Get Yubico API Key An example secret key would be +FHJ0TSA/Jt+mjvkw5wSoAGyGKk=
- YubiKey Sync Level This is speed vs security tradeoff. Higher the value better the security.
- DUO Integration key Login to "https://duo.com/" and get DUO integration key from Duo Security->Protect an Application->Web SDK.
- DUO Secret key Login to "https://duo.com/" and get DUO secret key from Duo Security->Protect an Application->Web SDK.
- DUO API hostname Login to "https://duo.com/" and DUO API hostname from Duo Security->Protect an Application->Web SDK.
- Use Email ID for Duo login If "use Email Id for Duo login" is set, user email id will use for duo login otherwise username will use for duo login.