Differences

This shows you the differences between two versions of the page.

documentation:latest:mail2f [2019/02/04 14:17] (current)
Line 1: Line 1:
 +====== E-Mail as Second Factor ======
  
 +This plugin adds the user's e-mail account as a second authentication factor.
 +
 +After logging in through another authentication module, a one-time code will be generated by the portal and sent to the user's e-mail address. The user will be prompted for this code in order to finish the login process.
 +
 +<note important>​This plugin will only improve security in situations where the user's email is not protected by the same password used to login on LemonLDAP::​NG.
 +And of course, if the user's email account is also protected by LemonLDAP::​NG,​ they will not be able to open their mailbox to find out their one-time code.
 +</​note>​
 +
 +
 +==== Configuration ====
 +
 +Before configuring this module, make sure the user's email address is correctly fetched from your UserDB plugin and appears in the session browser. If you want to store the user e-mail in a different session field than ''​mail'',​ go to "​General Parameters » Advanced parameters » SMTP" and set the "​Session key containing mail address"​ parameter.
 +
 +
 +All parameters are configured in "​General Parameters » Second factors » Mail second factor"​.
 +  * **Activation**:​ Set to ''​On''​ to activate this module. If a user does not have an email address, they will encounter an error on login. If you want to use this plugin only for users who have an email address, use ''​$mail''​ (or whatever your e-mail session key is) as the activation rule.
 +  * **Code regex**: The regular expression used to generate one-time codes. The default is a 6-digit code.
 +  * **Code timeout**: It might take a while for users to open their e-mail account and find the code. Raise this timeout if the default (2 minutes) isn't enough.
 +  * **Mail subject**: The subject of the email the user will receive. If you leave it blank, it will be looked up in translation files.
 +  * **Mail body**: The plain text content of the email the user will receive. If you leave it blank, the ''​mail_2fcode''​ HTML template will be used. The one-time code is stored in the ''​$code''​ variable
 +  * **Authentication level**: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5
 +  * **Logo** (Optional): logo file //(in static/<​skin>​ directory)//​
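
Review bot: The **Activation** bullet recommends ''$mail'' as the activation rule but does not state the consequence: users whose session has no e-mail address are then never asked for this second factor and finish login with the first authentication module alone. Suggest saying so explicitly in that bullet, so administrators can decide whether that is acceptable or whether missing addresses should be fixed in the UserDB instead. Smaller points in the same list: **Code regex** and **Code timeout** describe their defaults ("a 6-digit code", "2 minutes") without showing the literal default value or the unit the timeout field expects; the **Mail body** bullet is missing its final period; and **Authentication level** starts with a lowercase "if", unlike the other bullets.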