Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

From the October release 2020 Meridix support two factor authentication through e-mail (SMTP), OTP (Authenticator apps such as Microsoft Authenticator or Google Authenticator) or SMS (twilio (SMS SaaS vendor) or SMPP).

The following providers are available: otp, twilio and email and the configuration is done through the standard property provider system. The 2FA can be configured on system, reseller or customer level but not on the user level.
The system can and should have at least two providers set (not required). To disable 2FA completely do not set any providers at all.

Property key

Valid values (bold=default)

Description

security.two_factor_authentication_required

true | false

Should the system enforce two factor authentication on system/reseller/customer level

security.two_factor_authentication_scope

none | all | admin | system | system-admin

For who should the system enforce two factor authentication. Options: all | admin | system.

none = No users
all = All users
admin = All admin users (customer and system level)
system = All system level users (reseller managers, system manager and system administrators)
system-admin = All system administrators (not reseller manager and system managers)

security.two_factor_authentication_provider_types

email|otp|twilio

empty = no 2FA support

The enabled two factor authentication provider types delimited by |. Options: twilio (SMS), email (SMTP).

otp = Use OTP Authenticator apps
twilio = Use Twilios SMS service (see section below for required provider specific configuration)
email = Use the default SMTP for sending the 2FA verification code

security.two_factor_authentication_valid_for_minutes

-1 | integer

The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped.
-1 will force 2FA on every login.

security.two_factor_authentication_enabled

true | false

To enable or disable the two factor authentication

Configuration example

    <!-- Should the system enforce two factor authentication -->
    <add key="security.two_factor_authentication_enabled" value="false" />

    <!-- For who should the system enforce two factor authentication. Options: all | admin | system | system-admin -->
    <add key="security.two_factor_authentication_scope" value="all" />

    <!-- The two factor authentication provider type. Options: twilio (SMS), email (SMTP) -->
    <add key="security.two_factor_authentication_provider_type" value="email" />

    <!-- 
      The time between two factor authentication requests. I.e. if the user have previously logged in the within the last X minutes the 2fa step is skipped. 
      -1 will force 2fa on every login 
    -->
    <add key="security.two_factor_authentication_valid_for_minutes" value="-1" />

Providers

twilio

A provider for sending SMS using Twilio. Requires an account in twilio that will be used. The required properties for the twilio provider is listed below.

https://www.twilio.com/

<add key="twilio.account_sid" value="AC089df37bc21bd4f6d************"/>
<add key="twilio.from_number" value="+12183*******"/>
<add key="twilio.token" value="3781c88e7e1989a799********"/>

email

A provider for sending E-mails using the standard SMTP service in Meridix. No additional properties needed other than the standard SMTP configuration.

  • No labels

Webpage: www.meridix.se
Email: support@meridix.se
Tel: +46 (0) 21 38 30 32