OS4X Enterprise Webaccess multi-factor authentication


Purpose

In critical environments, user authentication for OS4X Webaccess is often required to support additional means of identification. OS4X Webaccess multi-factor authentication supports this requirement. To authenticate, users must:

  1. provide a valid username and password
  2. have access to their email inbox, to which a dynamically created token is sent

Configuration

OS4X Webaccess MFA consists of several configuration parameters.

Global configuration

The global configuration is located in "Configuration" -> "OS4X Enterprise" -> "Webaccess" -> "Multi-factor user authentication".


  • Multi-factor authentication mail template: A mail text template (which is automatically created for updated OS4X installations) containing HTML code for the email. The variable "$MFA_TOKEN" will be replaced during template rendering.
  • Mail subject: Subject of the email sent to the user, encoded as a UTF-8 mail subject (so special characters can be used here as well). If unconfigured or empty, the subject text "OS4X 2FA" is used.
  • Mail sender address: Sender of the email, given in the mail header. If unconfigured, the value "OS4X <os4x>" is used.
  • Sendmail command: Command that is executed to send the email. If unconfigured, the system's default "sendmail" command is used.

User configuration


MFA must be enabled individually for every user who requires it. There is no global setting that activates the feature system-wide. The default is "off", so no MFA functionality is used. If the functionality is activated, a valid email address must be configured for this user. If no email address is configured for a user, the functionality is disabled during login.
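
Because MFA is off by default and is disabled during login when the email address is missing, it is worth auditing the user list for accounts that end up without a second factor. The following is an added example, not part of OS4X or its documentation; the CSV export and its column names `username`, `mfa_enabled` and `email` are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample export; the column names are assumptions, not an OS4X format.
SAMPLE_EXPORT = """username,mfa_enabled,email
alice,1,alice@example.com
bob,1,
carol,0,carol@example.com
dave,,dave@example.com
erin,1,erin-at-example.com
"""

# Deliberately loose syntax check: one "@", non-empty local part, dotted domain.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
TRUTHY = {"1", "true", "yes", "on"}


def mfa_status(row):
    """Classify one user row according to the per-user rules described above."""
    enabled = (row.get("mfa_enabled") or "").strip().lower() in TRUTHY
    email = (row.get("email") or "").strip()
    if not enabled:
        return "off"                # default state: no MFA for this user
    if not email:
        return "disabled_at_login"  # MFA enabled, but no address configured
    if not EMAIL_RE.match(email):
        return "check_email"        # a valid address is required; this one looks malformed
    return "active"


def audit(export_text):
    """Return (username, status) for every user whose MFA is not cleanly active."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        status = mfa_status(row)
        if status != "active":
            findings.append((row["username"], status))
    return findings


if __name__ == "__main__":
    for user, status in audit(SAMPLE_EXPORT):
        print(f"{user}: {status}")
```
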