Differences

This shows you the differences between two versions of the page.

documentation:2.1:totp2f [2019/06/09 09:57]
cmaudoux [Configuration]
documentation:2.1:totp2f [2019/06/09 11:57] (current)
cmaudoux [Configuration]
Line 24: Line 24:
  
 In the manager (advanced parameters),​ you just have to enable it: In the manager (advanced parameters),​ you just have to enable it:
-  * TOTP => Activation: set it to "​on"​ +  * **Activation**: set it to "​on"​ 
-  * TOTP => Self registration:​ set it to "​on"​ if users are authorized to generate themselves a TOTP secret +  * **Self registration**: set it to "​on"​ if users are authorized to generate themselves a TOTP secret 
-  * TOTP => Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only to users enrolled** +  * **Authentication level**: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only to users enrolled** 
-  * TOTP => Issuer: default to portal hostname +  * **Issuer**: default to portal hostname 
-  * TOTP => Interval: interval for TOTP algorithm (default: 30) +  * **Interval**: interval for TOTP algorithm (default: 30) 
-  * TOTP => Range: number of additional intervals to test (default: 1) +  * **Range**: number of additional intervals to test (default: 1) 
-  * TOTP => Digits: number of digit by codes (default: 6) +  * **Digits**: number of digit by codes (default: 6) 
-  * TOTP => Display existing secret: display an already registered secret (default: disabled) +  * **Display existing secret**: display an already registered secret (default: disabled) 
-  * TOTP => Change existing secret: authorize a user to change its previoulsy registered TOTP secret +  * **Change existing secret**: authorize a user to change its previoulsy registered TOTP secret 
-  * Allow users to remove TOTP : If enabled, users can unregister TOTP. +  ​* **Allow users to remove TOTP**: If enabled, users can unregister TOTP. 
-  * Lifetime : Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative TOTP is removed.+  ​* **Lifetime**: Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative TOTP is removed.
  
 <note important>​If you want to use a custom rule for "​activation"​ and want to keep self-registration,​ you must include this in your rule that ''​$_2fDevices =~ /"​type":​\s*"​TOTP"/​s''​ is set, else TOTP will be required even if users are not registered. This is automatically done when "​activation"​ is simply set to "​on"​.</​note>​ <note important>​If you want to use a custom rule for "​activation"​ and want to keep self-registration,​ you must include this in your rule that ''​$_2fDevices =~ /"​type":​\s*"​TOTP"/​s''​ is set, else TOTP will be required even if users are not registered. This is automatically done when "​activation"​ is simply set to "​on"​.</​note>​
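Review bot: Dropping the "TOTP =>" prefix from the first nine bullets removes the only hint of which group these options belong to, since the intro line says just "In the manager (advanced parameters)"; consider naming the TOTP group in that sentence. Since every bullet is being rewritten anyway, the carried-over wording could be fixed in the same change: "previoulsy" in the Change existing secret bullet, "an higher value" in Authentication level, and "number of digit by codes" in Digits. In the Lifetime bullet, "relative TOTP is removed" does not say what exactly is removed or what the user sees at that login, which matters for readers combining it with the custom activation rule described in the note that follows.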