Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
Clipboard05.jpg 139.3 kB 1 05-Dec-2023 05:32 Ada Csaba
png
Clipboard05.png 116.6 kB 1 05-Dec-2023 05:32 Ada Csaba
jpg
IMG_2500.jpg 191.7 kB 1 05-Dec-2023 05:32 Sandor
jpg
IMG_2501.jpg 464.9 kB 1 05-Dec-2023 05:32 Sandor
jpg
IMG_2502.jpg 52.0 kB 1 05-Dec-2023 05:32 Sandor
png
enable_two_factor.png 42.5 kB 2 26-Feb-2024 03:15 Ben Spink
png
qr_otp.png 1,990.7 kB 1 26-Feb-2024 03:00 Ben Spink
png
servercfg001.png 23.0 kB 5 05-Dec-2023 05:32 Sandor
png
servercfg002.png 54.1 kB 4 05-Dec-2023 05:32 Sandor actualized v10
png
servercfg002.png.png 54.1 kB 1 05-Dec-2023 05:32 Sandor actualized v10
png
servercfg003.png 64.4 kB 4 05-Dec-2023 05:32 Sandor
png
servercfg004.png 43.2 kB 4 05-Dec-2023 05:32 Sandor
png
tokencfg001.png 101.9 kB 2 05-Dec-2023 05:32 Ada Csaba
png
tokencfg002.png 96.2 kB 2 05-Dec-2023 05:32 Ada Csaba
png
tokencfg003.png 37.4 kB 2 05-Dec-2023 05:32 Ada Csaba

This page (revision-53) was last changed on 10-Oct-2024 10:57 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ada Csaba

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
In CrushFTP version 9 we can integrate our One Time Password (__[OTP|OTP Settings]__) based authentication feature with Google's software based token device __Google Authenticator__ , using Time based OTP (TOTP). The user can register a QR code into Google Authenticator.\\
CrushFTP has One Time Password (__[OTP/MFA|OTP Settings]__) based authentication feature with Google's and Microsoft's software-based token device __Google Authenticator__ and __Microsoft Authenticator__, using Time based OTP (TOTP) / MFA. The user can register a QR code into their Authenticator app.\\
At line 4 changed one line
You will need to enable one of our __[OTP|OTP Settings]__ methods, using SMS or Mail based OTP, and enable the __Validated logins__ checkbox. The user needs to be able to log in at least once, without OTP, or with the other __[OTP|OTP Settings]__ settings.\\
The config needs the URL set to "SMTP" and the checkbox for "Validated Logins" enabled.\\
At line 8 changed one line
The second step is to configure the user account with __Two Factor Authentication__\\
Next enable the two factor __QR code generator__ which will appear in the user's __User Options__ menu when they are logged in.\\
At line 10 changed one line
[attachments|servercfg002.png]\\
[attachments|enable_two_factor.png]\\
* You can also force two factor registration, then the user has no choice but to enroll in it at their next login. Set the customization flag "Two Factor: force Google Authenticator setup" to true. See the mini animated gif of the process below.\\
At line 12 changed one line
and enable the two factor __QR code generator__ which will appear in the user's __User Options__ menu when they are logged in.\\
!!Client / token device configuration\\
The user will need to log in normally, generate the QR code from the client UI __User Options__ menu.\\
At line 14 changed one line
[attachments|servercfg003.png]\\
[attachments|qr_otp.png]\\
At line 16 changed 2 lines
!!Client / token device configuration\\
The user will need to log normally, generate the QR code from the client UI __User Options__ menu.\\
__This part must be done within 30 seconds or the QR code becomes invalid.__\\
1.) Once they are ready and have the Authenticator app open on their mobile device, they click __Ready To Scan__.\\
2.) Choose to scan the QR code, point the device towards the screen, and let it read in the QR code.\\
3.) Next click __Confirm__ to save the same code to the server's user configuration.\\
At line 19 changed one line
[attachments|servercfg004.png]\\
Google Authenticator\\
[{Image src='tokencfg002.png' width='272px' height='..' align='left'}] [{Image src='tokencfg003.png' width='272px' height='..' align='left'}]\\
At line 21 changed 3 lines
Then open __Authenticator__ on the mobile device, set up new account, choose barcode, point the device towards the screen, read in the QR code. Then save the user settings by clicking the __Confirm__ button in the UI. \\
\\
[{Image src='tokencfg001.png' width='272px' height='..' align='left'}] [{Image src='tokencfg002.png' width='272px' height='..' align='left'}] [{Image src='tokencfg003.png' width='272px' height='..' align='left'}]\\
Microsoft Authenticator\\
[{Image src='IMG_2500.jpg' width='272px' height='..' align='left'}] [{Image src='IMG_2501.jpg' width='272px' height='..' align='left'}] [{Image src='IMG_2502.jpg' width='272px' height='..' align='left'}]\\
At line 25 changed one line
__WARNING:__ the QR code is valid for one minute, if the time window is missed you will need to generate new, or it will not save. Once a secret key has been saved from the QR code, and confirmed, it can only be reset by a server administrator. Its a one time process.\\
__WARNING:__ the QR code is valid for 30 seconds, if the time window is missed you will need to generate new, or it will not save. Once a secret key has been saved from the QR code, and confirmed, it can only be reset by a server administrator. It's a one-time process.\\
At line 33 changed 3 lines
-a working Google Authenticator app on a mobile device
-in the User Manager -> user -> Webinterface -> Available customizations section the "Enable two factor registration" is set to True. This can be enabled on the "default" template account or on the group template account so all other users will inherit the setting from the template user.
-on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled (A on the first screenshot)
-a working Google Authenticator app on a mobile device\\
-in the User Manager -> user -> Webinterface -> Available customizations section the "Enable two factor registration" is set to True. This can be enabled on the "default" template account or on the group template account so all other users will inherit the setting from the template user.\\
-on Preferences -> General Settings -> OTP section the "Validated Logins" option must be enabled (A on the first screenshot)\\
At line 43 changed one line
The end-user logs in with username and password, and initializing the "Setup of 2 factor auth" via the User Options button, scans the QR code, and hits the Confirm button.
The end-user logs in with username and password, and initializes the "Setup of 2 factor auth" via the User Options button, scans the QR code, and hits the Confirm button.
At line 56 changed 2 lines
The end-user logs in with username and password, and initializing the Setup of 2 factor auth via the User Optons button, scans the QR code, and hits the Confirm button.
In the background CrushFTP writes the Two factor authentication Secret to the user account, but the Admin needs to activate the "Two factor OTP/SMS authentication" option for the user.
The end-user logs in with username and password, and initializes the Setup of 2 factor auth via the User Options button, scans the QR code, and hits the Confirm button.
In the background, CrushFTP writes the Two-factor authentication Secret to the user account, but the Admin needs to activate the "Two factor OTP/SMS authentication" option for the user.
At line 65 added 9 lines
\\
----
\\
Google Authenticator for Webinterface logins only, enrolling is not possible via FTP, SFTP.
A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default
{{{
<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>
}}}
\\
Version Date Modified Size Author Changes ... Change note
53 10-Oct-2024 10:57 5.279 kB Ben Spink to previous
52 10-Oct-2024 10:54 5.581 kB Ben Spink to previous | to last
51 05-Aug-2024 02:40 5.647 kB Ben Spink to previous | to last
50 05-Apr-2024 10:11 5.625 kB Ada Csaba to previous | to last
49 26-Feb-2024 03:14 5.287 kB Ben Spink to previous | to last
48 26-Feb-2024 03:13 5.282 kB Ben Spink to previous | to last
47 26-Feb-2024 03:11 5.277 kB Ben Spink to previous | to last
46 26-Feb-2024 03:04 5.196 kB Ben Spink to previous | to last
45 26-Feb-2024 03:00 4.949 kB Ben Spink to previous | to last
44 05-Dec-2023 05:32 4.955 kB Sandor to previous | to last
43 05-Dec-2023 05:32 4.951 kB Sandor to previous | to last
42 05-Dec-2023 05:32 4.943 kB Sandor to previous | to last
41 05-Dec-2023 05:32 4.947 kB Sandor to previous | to last
« This page (revision-53) was last changed on 10-Oct-2024 10:57 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
LeftMenu

JSPWiki