Versions Compared

Old Version 17

changes.mady.by.user Johan Wendelstam

Saved on

compared with

New Version 18

changes.mady.by.user Marcus Malmberg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Property key

Valid values (bold=default)

Description

security.two_factor_authentication_required

true | false

Should the system enforce two factor authentication on system/reseller/customer level

security.two_factor_authentication_scope

none | all| admin | system | system-admin

For who should the system enforce two factor authentication. Options: all | admin | system. Is only used
NOTE: This is only in use when [security.two_factor_authentication_required] is set to tru true

Options:
none = No users
all = All users
admin = All admin users (customer and system level)
system = All system level users (reseller managers, system manager and system administrators)
system-admin = All system administrators (not reseller manager and system managers)

security.two_factor_authentication_provider_types

email|otp|twilio|smpp

empty = no 2FA support

The enabled two factor authentication provider types delimited by |.

Options: twilio (SMS), email (SMTP).
otp = Use OTP Authenticator apps
twilio = Use Twilios SMS service (see section below for required provider specific configuration)
email = Use the default SMTP for sending the 2FA verification code
smpp = SMPP server (see section below for required provider specific configuration).

Info

Note that the order is important, i.e. if both twilio and smpp is configures the first one will be used for SMS.

security.two_factor_authentication_valid_for_minutes

-1 | integer

The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped.
-1 will force 2FA on every login.

Configuration example

This is a configuration example for applying 2FA on system level. The code is applied in the app settings part of the basic.config file residing in the Meridix Platform (studio) installation folder.
The example below will leave 2FA with email or OTP as optional for all users below system administrators, and enforced for system administrators. There will be a grace period of two hours from login with 2FA until it is needed again, unless the user actively logs out from Meridix Platform. In that case 2FA would be needed to log in again.

Code Block
languagexml
    <!-- For who should the system enforceThe two factor authentication provider type. Options: all | admin | system | system-admin twilio (SMS), email (SMTP) -->
    <add key="security.two_factor_authentication_provider_types" value="email|otp" />

    <!-- Should the system enforce two factor authentication -->
    <add key="security.two_factor_authentication_scoperequired" value="alltrue" />

    <!-- TheFor who should the system enforce two factor authentication provider type. Options: twilio (SMS), email (SMTP)all | admin | system | system-admin -->
    <add key="security.two_factor_authentication_provider_typesscope" value="emailsystem-admin" />

    <!-- 
      The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped. 
      -1 will force 2fa on every login 
    -->
    <add key="security.two_factor_authentication_valid_for_minutes" value="-1120" />

Providers

twilio

A provider for sending SMS using Twilio. Requires an account in twilio that will be used. The required properties for the twilio provider is listed below.

...