Difference between revisions of "OS4X Enterprise Webaccess multi-factor authentication"

From OS4X
(Created page with "= Purpose = In critical environments, having users to authenticate to use OS4X Webaccess is often required to support additional means of identification. OS4X Webaccess multi-f...")
 
Line 18: Line 18:
  
 
== User configuration ==
 
== User configuration ==
 +
[[File:Bildschirmfoto 2023-11-14 um 10.38.35.png]]
 +
 +
Every user requiring MFA must be enabled. There exists no global configuration to activate the feature system-wide. The default is "off", so no MFA functionality is used. If the functionality is activated, a valid email address must be configured for this user. If no email address is configured for a user, the functionality is disabled during login.
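Review bot: The last sentence of the added paragraph ("If no email address is configured for a user, the functionality is disabled during login") describes a case where MFA is enabled for the user but is not applied, and the text does not spell out what that means at login. Suggest stating explicitly that such a user is then authenticated without the emailed token, and adding a sentence advising administrators to verify that every user with MFA enabled has an email address configured, since the preceding sentence already makes a valid address a requirement.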

Revision as of 09:41, 14 November 2023

Purpose

In critical environments, authenticating users of OS4X Webaccess often requires additional means of identification. OS4X Webaccess multi-factor authentication is a functionality to support this requirement. To authenticate, users must then:

  1. provide a valid username and password
  2. have access to their email inbox, to which a dynamically created token is sent

Configuration

OS4X Webaccess MFA consists of several configuration parameters.

Global configuration

The global configuration is located in "Configuration" -> "OS4X Enterprise" -> "Webaccess" -> "Multi-factor user authentication".


  • Multi-factor authentication mail template: A mail text template (which is automatically created for updated OS4X installations) containing the HTML code for the email. The variable "$MFA_TOKEN" is replaced with the token when the template is rendered.
  • Mail subject: Subject of the email sent to the user, encoded as a UTF-8 mail subject (so special characters can be used here as well). If unconfigured or empty, the subject text "OS4X 2FA" is used.
  • Mail sender address: Sender of the email, given in the mail header. If unconfigured, the value "OS4X <os4x>" is used.
  • Sendmail command: Command that is executed to send the email. If unconfigured, the system's default "sendmail" command is used.

User configuration


MFA must be enabled individually for every user who requires it. There is no global configuration to activate the feature system-wide. The default is "off", so no MFA functionality is used. If the functionality is activated, a valid email address must be configured for this user. If no email address is configured for a user, the functionality is disabled during login.
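The following audit sketch is an added example, not part of OS4X or its documentation. It assumes a hypothetical CSV user export with the columns `username`, `mfa_enabled` and `email` (OS4X's real storage format is not described on this page) and lists the users for whom, by the rule above, MFA is switched on but would not be applied at login. The email syntax check is this example's own simplification.

```python
import csv
import io
import re

# Deliberately simple syntactic check; an assumption of this example,
# not OS4X's own definition of a "valid email address".
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample data in a hypothetical export format.
SAMPLE_EXPORT = """username,mfa_enabled,email
alice,on,alice@example.com
bob,on,
carol,off,carol@example.com
dave,on,dave@localhost
erin,off,
"""


def audit_mfa(export_text):
    """Classify each user by effective MFA state.

    Returns a dict with three lists of usernames:
      protected    - MFA on and a syntactically valid address present
      needs_review - MFA on, but the address is missing (MFA is disabled
                     during login, per the page) or malformed (flagged
                     here because the page requires a valid address)
      not_enabled  - MFA off, which is the default
    """
    result = {"protected": [], "needs_review": [], "not_enabled": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"].strip()
        enabled = row["mfa_enabled"].strip().lower() == "on"
        email = (row.get("email") or "").strip()
        if not enabled:
            result["not_enabled"].append(user)
        elif EMAIL_RE.match(email):
            result["protected"].append(user)
        else:
            result["needs_review"].append(user)
    return result


if __name__ == "__main__":
    for state, users in audit_mfa(SAMPLE_EXPORT).items():
        print(f"{state}: {', '.join(users) or '-'}")
```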