Versions Compared

Old Version 6

changes.mady.by.user Johan Wendelstam

Saved on

compared with

New Version 7

changes.mady.by.user Johan Wendelstam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following providers are available: otp, twilio and email and the configuration is done through the standard property provider system. The 2FA can be configured on system, reseller or customer level but not on the user level.
The system can and should have at least two providers set (not required). To disable 2FA completely do not set any providers at all.

Property key

Valid values (bold=default)

Description

security.two_factor_authentication_enabled

true | false

Should the system enforce two factor authentication

security.two_factor_authentication_scope

all | admin | system | system-admin

For who should the system enforce two factor authentication. Options: all | admin | system.

all = All users
admin = All admin users (customer and system level)
system = All system level users (reseller managers, system manager and system administrators)
system-admin = All system administrators (not reseller manager and system managers)

security.two_factor_authentication_provider_types

email|otp|twilio

empty = no 2FA support

The enabled two factor authentication provider types delimited by |. Options: twilio (SMS), email (SMTP).

otp = Use OTP Authenticator apps
twilio = Use Twilios SMS service (see section below for required provider specific configuration)
email = Use the default SMTP for sending the 2FA verification code

security.two_factor_authentication_valid_for_minutes

-1 | integer

The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped.
-1 will force 2FA on every login.

...