Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:latest:u2f [2019/06/09 09:55]
127.0.0.1 external edit
documentation:latest:u2f [2019/06/09 11:32] (current)
cmaudoux [Configuration]
Line 15: Line 15:
  
 In the manager (second factors), you just have to enable it: In the manager (second factors), you just have to enable it:
-  * U2F => Activation: set it to "​on"​ +  * **Activation**: set it to "​on"​ 
-  * U2F => Self registration:​ set it to "​on"​ if users are authorized to register their keys +  * **Self registration**: set it to "​on"​ if users are authorized to register their keys 
-  * U2F => Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only for enrolled users** +  * **Authentication level**: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only for enrolled users** 
-  * Allow users to remove U2F key : If enabled, users can unregister enrolled U2F device. +  ​* **Allow users to remove U2F key**: If enabled, users can unregister enrolled U2F device. 
-  * Lifetime : Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative 2F device is removed.+  ​* **Lifetime**: Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative 2F device is removed.
  
 <note important>​If you want to use a custom rule for "​activation"​ and enable self-registration,​ you have to include this in your rule: ''​$_2fDevices =~ /"​type":​\s*"​U2F"/​s'',​ else U2F will be required even if users are not registered. This is automatically done when "​activation"​ is set to "​on"​.</​note>​ <note important>​If you want to use a custom rule for "​activation"​ and enable self-registration,​ you have to include this in your rule: ''​$_2fDevices =~ /"​type":​\s*"​U2F"/​s'',​ else U2F will be required even if users are not registered. This is automatically done when "​activation"​ is set to "​on"​.</​note>​