2-factor authentication
This commit is contained in:
Roland Gruber
parent
9eebadb5ca
commit
5d54a7ea7b
|
|
@ -1,3 +1,7 @@
|
||||||
|
March 2017
|
||||||
|
- 2-factor authentication for admin login and self service with privacyIDEA
|
||||||
|
|
||||||
|
|
||||||
18.12.2016 5.6
|
18.12.2016 5.6
|
||||||
- New mechanism to replace wildcards in user edit screen. Personal/Unix support more wildcards like "$firstname".
|
- New mechanism to replace wildcards in user edit screen. Personal/Unix support more wildcards like "$firstname".
|
||||||
- Windows: added support for pager, otherPager, mobile, otherMobile, company and proxyAddresses (disabled by default in server profile)
|
- Windows: added support for pager, otherPager, mobile, otherMobile, company and proxyAddresses (disabled by default in server profile)
|
||||||
|
|
|
||||||
|
|
@ -8563,7 +8563,7 @@ OK (10 msec)</programlisting>
|
||||||
<title>Edit your new profile</title>
|
<title>Edit your new profile</title>
|
||||||
|
|
||||||
<section id="selfServiceBasicSettings">
|
<section id="selfServiceBasicSettings">
|
||||||
<title>Basic settings</title>
|
<title>General settings</title>
|
||||||
|
|
||||||
<para>On top of the page you see the link to the user login page. Copy
|
<para>On top of the page you see the link to the user login page. Copy
|
||||||
this link address and give it to your users.</para>
|
this link address and give it to your users.</para>
|
||||||
|
|
@ -8708,6 +8708,52 @@ OK (10 msec)</programlisting>
|
||||||
</tbody>
|
</tbody>
|
||||||
</tgroup>
|
</tgroup>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
<para></para>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>2-factor authentication</title>
|
||||||
|
|
||||||
|
<para>LAM supports 2-factor authentication for your users. This
|
||||||
|
means the user will not only authenticate by user+password but also
|
||||||
|
with e.g. a token generated by a mobile device. This adds more
|
||||||
|
security because the token is generated on a physically separated
|
||||||
|
device (typically mobile phone).</para>
|
||||||
|
|
||||||
|
<para>The token is validated by a second application. LAM currently
|
||||||
|
supports:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para><ulink
|
||||||
|
url="https://www.privacyidea.org/">privacyIdea</ulink></para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>By default LAM will enforce to use a token and reject users
|
||||||
|
that did not setup one. You can set this check to optional. But if a
|
||||||
|
user has setup a token then this will always be required.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/conf7.png" />
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>After logging in with user + password LAM will ask for the 2nd
|
||||||
|
factor. If the user has setup multiple factors then he can choose
|
||||||
|
one of them.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/conf8.png" />
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
|
|
||||||
Binary file not shown.
|
Before Width: | Height: | Size: 73 KiB After Width: | Height: | Size: 83 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 33 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 13 KiB |
Loading…
Reference in New Issue