View Attach (13) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 otp_email.png 53.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template.png 66.4 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template2.png 56.3 kB 1 12-May-2025 04:52 krivacsz
jpg
 otp_general.jpg 166.9 kB 1 05-Dec-2023 05:32 Ada Csaba
png
 otp_sms.png 89.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_token_length_config.png 58.9 kB 1 23-May-2025 02:26 krivacsz
png
 otp_user_extra_text_ref.png 32.5 kB 1 12-May-2025 04:49 krivacsz
png
 otp_user_settings.png 37.7 kB 4 12-May-2025 05:34 krivacsz
png
 otp_user_settings_phone.png 15.7 kB 1 12-May-2025 05:25 krivacsz
png
 otp_validate_logins.png 70.0 kB 1 12-May-2025 04:12 krivacsz
png
 twilio.png 179.8 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio2.png 77.5 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio3.png 24.1 kB 2 05-Dec-2023 05:32 Ben Spink

This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz

This page was created on 05-Dec-2023 05:32 by krivacsz

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 removed 3 lines
!!Enterprise Licenses Only
OTP settings\\
At line 5 changed 7 lines
This settings allows you to configure two factor authentication.
!1. SMS based:
Using Twilio: https://www.twilio.com/
User the ACCOUNT SID as username and AUTH TOKEN as password:\\
[twilio3.png]
!!! Constraints: It requires Enterprise License.\\
At line 13 changed one line
Url : https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json\\
__OTP / MFA / 2FA settings:__\\
At line 15 changed one line
Provide your twilio phone number. Checking the "Validated Logins?" will enable to use otp in user login.\\
This settings allows you to configure __Two Factor__ authentication.\\
This feature also supports software-based authenticator applications such as __Google Authenticator__ and __Microsoft Authenticator__. For more information, see the [Authenticator Link|Authenticator]\\
At line 17 changed one line
[otp_sms.png]\\
OTP's are primarily intended for web interface logins. Variants like __Google Authenticator (TOTP)__ would be straight meaningless for __FTP__, __SFTP__, since it's impossible enroll anyways.\\
\\
A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default:\\
At line 19 changed one line
It will be used only for those users (Check on the User Manager) which has phone number and the "Two factor SMS authentication." flag is enabled.\\
{{{
<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>
}}}\\
At line 21 changed one line
[otp_user_settings.png]\\
You can customize the OTP token length by going to __Shares__ ([Manage Shares Link|Manage Shares])__ -> General Settings__, and adjusting the value in the __Length of auto-generated username and password__ input field.\\
At line 23 changed 3 lines
!2. Email based:
It is required a functional SMTP (Check on Generel Settings)\\
[OTP Settings/otp_token_length_config.png]\\
At line 27 changed one line
Url : SMTP \\
----
!1. Ensure that Validated Logins is enabled to allow two-factor authentication\\
At line 29 changed one line
[otp_email.png]\\
[OTP Settings/otp_validate_logins.png]\\
At line 31 changed 2 lines
It will be used only for those users (Check on the User Manager) which has email adress and the "Two factor SMS authentication." flag is enabled.\\
The email can be customized creating the email template: "Two Factor Auth"
__[DMZ|DMZ]__ - Main node scenario: on __Preferences -> General Settings -> OTP section__ the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.\\
----
!2. Supported OTP Methods\\
!2.1 SMS OTP Configuration\\
At line 31 added 10 lines
- You must have a twilio account.
Using Twilio: [Twilio Link|https://www.twilio.com/]
----
__⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\
----
The __ACCOUNT SID__ as __Username__ and __AUTH TOKEN__ as __Password__:\\
[OTP Settings/twilio3.png]
\\
URL:
{{{
At line 42 added one line
https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json
At line 44 added 58 lines
}}}\\
\\
API post :
{{{
To={otp_to}&From={otp_from}&Body={otp_token}
}}}\\
\\
Provide your twilio phone number.\\
\\
[OTP Settings/otp_sms.png]\\
\\
__⚠️ Important__: The configuration will apply only to users who have a phone number (Go to [User Manager] -> Select the user).\\
\\
[OTP Settings/otp_user_settings_phone.png]\\
\\
!2.2 Email OTP Configuration\\
\\
Email usage requires an __SMTP Server__ configured in the __Preferences -> General Settings__ (See at [General Settings]). __Note:__ Make sure your SMTP server is properly configured and functioning.\\
\\
__URL:__ SMTP \\
__⚠️ Important__ Just those 4 uppercase letters, nothing else.\\
\\
[OTP Settings/otp_email.png]\\
\\
This configuration applies only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the [User Manager].\\
\\
The email can be customized by creating an __Email Template__ (More info at [Email Templates]): __Two Factor Auth__\\
\\
[otp_email_template.png]\\
\\
__⚠️ Important__: Variable for the One Time Password:\\
{{{
{auth_token}
}}}\\
\\
You can personalize the __OTP Email Content__ for individual users by creating an __Extra Text Reference__ on the user account. Then, insert that reference into the email template to customize the message per user.\\
\\
[OTP Settings/otp_user_extra_text_ref.png]\\
\\
Like :
{{{
{user_x_otp_email_body}
}}}\\
\\
[OTP Settings/otp_email_template2.png]\\
\\
----
!3. Configuring OTP Settings for Users\\
\\
To enable OTP for a user (Go to [User Manager] -> Select the user, or choose the __default__ user to apply the settings to all users), check the __Two-factor OTP/SMS authentication__ setting in the user configuration.\\
\\
Make sure the required __protocol__ is enabled.\\
\\
__(Optional)__ You can also configure the OTP to remain valid for multiple days.\\
\\
[OTP Settings/otp_user_settings.png]\\
Version Date Modified Size Author Changes ... Change note
126 09-Jun-2025 03:25 3.945 kB krivacsz to previous
125 23-May-2025 02:33 3.931 kB krivacsz to previous | to last
124 23-May-2025 02:32 3.927 kB krivacsz to previous | to last
123 23-May-2025 02:32 3.922 kB krivacsz to previous | to last
122 23-May-2025 02:30 3.886 kB krivacsz to previous | to last
121 23-May-2025 02:29 4.064 kB krivacsz to previous | to last
« This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
Authenticator
CrushOAuth
CrushOIDC
Enterprise License Enhancements
LeftMenu

JSPWiki