Versions Compared

Old Version 8

changes.mady.by.user Johan Wendelstam

Saved on

compared with

New Version 9

changes.mady.by.user Nael Kabbany

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Property key

Valid values (bold=default)

Description

security.two_factor_authentication_required

true | false

Should the system enforce two factor authentication on system/reseller/customer level

security.two_factor_authentication_scope

none | all| admin | system | system-admin

For who should the system enforce two factor authentication. Options: all | admin | system.

none = No users
all = All users
admin = All admin users (customer and system level)
system = All system level users (reseller managers, system manager and system administrators)
system-admin = All system administrators (not reseller manager and system managers)

security.two_factor_authentication_provider_types

email|otp|twilio

empty = no 2FA support

The enabled two factor authentication provider types delimited by |. Options: twilio (SMS), email (SMTP).

otp = Use OTP Authenticator apps
twilio = Use Twilios SMS service (see section below for required provider specific configuration)
email = Use the default SMTP for sending the 2FA verification code

security.two_factor_authentication_valid_for_minutes

-1 | integer

The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped.
-1 will force 2FA on every login.

security.two_factor_authentication_enabled

true | false

To enable or disable the two factor authentication

Configuration example

Code Block
languagexml
    <!-- Should the system enforce two factor authentication -->
    <add key="security.two_factor_authentication_enabled" value="false" />

    <!-- For who should the system enforce two factor authentication. Options: all | admin | system | system-admin -->
    <add key="security.two_factor_authentication_scope" value="all" />

    <!-- The two factor authentication provider type. Options: twilio (SMS), email (SMTP) -->
    <add key="security.two_factor_authentication_provider_type" value="email" />

    <!-- 
      The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped. 
      -1 will force 2fa on every login 
    -->
    <add key="security.two_factor_authentication_valid_for_minutes" value="-1" />

...