Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
documentation:2.1:secondfactor [2019/07/24 11:02] maxbes [Second Factors] |
documentation:2.1:secondfactor [2020/04/30 21:04] (current) cmaudoux [Second Factors] |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| Since 2.0, LLNG provides some second factor plugins that can be used to complete authentication module with 2FA : | Since 2.0, LLNG provides some second factor plugins that can be used to complete authentication module with 2FA : | ||
| + | * [[utotp2f|U2F-or-TOTP]] //(enable both U2F and TOTP)// | ||
| + | * [[totp2f|TOTP]] //(to use with [[https://freeotp.github.io/|FreeOTP]], [[https://en.wikipedia.org/wiki/Google_Authenticator|Google-Authenticator]],…)// | ||
| * [[u2f|U2F tokens]] | * [[u2f|U2F tokens]] | ||
| - | * [[totp2f|TOTP]] //(to use with [[https://freeotp.github.io/|FreeOTP]], [[https://en.wikipedia.org/wiki/Google_Authenticator|Google-Authenticator]],…)// | ||
| - | * [[utotp2f|U2F-or-TOTP]] //(enable both U2F and TOTP)// | ||
| * [[yubikey2f|Yubikey tokens]] // provide by Yubico// | * [[yubikey2f|Yubikey tokens]] // provide by Yubico// | ||
| - | * [[rest2f|REST]] //(Remote REST app)// | + | * [[mail2f|E-Mail 2F]] //(Send a code to an email address)// |
| * [[external2f|External 2F]] //(to call an external command)// | * [[external2f|External 2F]] //(to call an external command)// | ||
| - | * [[mail2f|E-Mail 2F]] //(Send a code to an email address)// | + | * [[rest2f|REST]] //(Remote REST app)// |
| + | * [[radius2f|RADIUS]] //(Remote RADIUS server)// | ||
| The E-Mail, External and REST 2F modules [[sfExtra|may be declared multiple times]] with different sets of parameters. | The E-Mail, External and REST 2F modules [[sfExtra|may be declared multiple times]] with different sets of parameters. | ||
| Line 19: | Line 20: | ||
| <note tip>If you want to force a 2F registration on first login, you can use 'Require 2FA'. You can also use a rule to force 2FA registration only for some users.</note> | <note tip>If you want to force a 2F registration on first login, you can use 'Require 2FA'. You can also use a rule to force 2FA registration only for some users.</note> | ||
| <note tip>You can display a message if an expired second factor has been removed by enabling 'Display a message if an expired SF is removed' option or setting a rule.</note> | <note tip>You can display a message if an expired second factor has been removed by enabling 'Display a message if an expired SF is removed' option or setting a rule.</note> | ||
| + | <note tip>Link to second factor Manager is automatically display if at least a SFA module is enabled. You can set a rule to display or not the link.</note> | ||
| ===== Providing tokens from an external source ===== | ===== Providing tokens from an external source ===== | ||