At line 1 changed one line |
In CrushFTP version 9 we can integrate our One Time Password (__[OTP|OTP Settings]__) based authentication feature with Google's software based token device __Google Authenticator__ , using Time based OTP (TOTP). The user can register a QR code into Google Authenticator.\\ |
In CrushFTP version 10 we can integrate our One Time Password (__[OTP|OTP Settings]__) based authentication feature with Google's and Microsoft's software-based token device __Google Authenticator__ and __Microsoft Authenticator__, using Time based OTP (TOTP). The user can register a QR code into Google Authenticator or Microsoft Authenticator app.\\ |
At line 17 changed one line |
The user will need to log normally, generate the QR code from the client UI __User Options__ menu.\\ |
The user will need to log in normally, generate the QR code from the client UI __User Options__ menu.\\ |
At line 21 changed 2 lines |
Then open __Authenticator__ on the mobile device, set up new account, choose barcode, point the device towards the screen, read in the QR code. Then save the user settings by clicking the __Confirm__ button in the UI. \\ |
\\ |
Then open __Authenticator__ on the mobile device, set up a new account, choose to scan barcode, point the device towards the screen, and read in the QR code. Then save the user settings by clicking the __Confirm__ button in the UI. \\ |
\\ |
Google Authenticator\\ |
At line 25 changed one line |
__WARNING:__ the QR code is valid for one minute, if the time window is missed you will need to generate new, or it will not save. Once a secret key has been saved from the QR code, and confirmed, it can only be reset by a server administrator. Its a one time process.\\ |
Microsoft Authenticator\\ |
[{Image src='IMG_2500.jpg' width='272px' height='..' align='left'}] [{Image src='IMG_2501.jpg' width='272px' height='..' align='left'}] [{Image src='IMG_2502.jpg' width='272px' height='..' align='left'}]\\ |
At line 29 added 2 lines |
__WARNING:__ the QR code is valid for one minute, if the time window is missed you will need to generate new, or it will not save. Once a secret key has been saved from the QR code, and confirmed, it can only be reset by a server administrator. It's a one-time process.\\ |
\\ |
At line 33 changed 3 lines |
-a working Google Authenticator app on a mobile device |
-in the User Manager -> user -> Webinterface -> Available customizations section the "Enable two factor registration" is set to True. This can be enabled on the "default" template account or on the group template account so all other users will inherit the setting from the template user. |
-on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled (A) |
-a working Google Authenticator app on a mobile device\\ |
-in the User Manager -> user -> Webinterface -> Available customizations section the "Enable two factor registration" is set to True. This can be enabled on the "default" template account or on the group template account so all other users will inherit the setting from the template user.\\ |
-on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled (A on the first screenshot)\\ |
At line 40 changed one line |
The option of "Google Authenticator Auto Enable" on Preferences -> General Settings -> OTP section is enabled (B). |
The option of "Google Authenticator Auto Enable" on Preferences -> General Settings -> OTP section is enabled (B on the first screenshot). |
At line 43 changed one line |
The end-user logs in with username and password, and initializing the "Setup of 2 factor auth" via the User Options button, scans the QR code, and hits the Confirm button. |
The end-user logs in with username and password, and initializes the "Setup of 2 factor auth" via the User Options button, scans the QR code, and hits the Confirm button. |
At line 56 changed 2 lines |
The end-user logs in with username and password, and initializing the Setup of 2 factor auth via the User Optons button, scans the QR code, and hits the Confirm button. |
In the background CrushFTP writes the Two factor authentication Secret to the user account, but the Admin needs to activate the "Two factor OTP/SMS authentication" option for the user. |
The end-user logs in with username and password, and initializes the Setup of 2 factor auth via the User Options button, scans the QR code, and hits the Confirm button. |
In the background, CrushFTP writes the Two-factor authentication Secret to the user account, but the Admin needs to activate the "Two factor OTP/SMS authentication" option for the user. |
At line 60 changed one line |
DMZ - Main node scenario: on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node. |
__[DMZ|DMZ]__ - Main node scenario: on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node. |