View Attach (13) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 otp_email.png 53.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template.png 66.4 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template2.png 56.3 kB 1 12-May-2025 04:52 krivacsz
jpg
 otp_general.jpg 166.9 kB 1 05-Dec-2023 05:32 Ada Csaba
png
 otp_sms.png 89.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_token_length_config.png 58.9 kB 1 23-May-2025 02:26 krivacsz
png
 otp_user_extra_text_ref.png 32.5 kB 1 12-May-2025 04:49 krivacsz
png
 otp_user_settings.png 37.7 kB 4 12-May-2025 05:34 krivacsz
png
 otp_user_settings_phone.png 15.7 kB 1 12-May-2025 05:25 krivacsz
png
 otp_validate_logins.png 70.0 kB 1 12-May-2025 04:12 krivacsz
png
 twilio.png 179.8 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio2.png 77.5 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio3.png 24.1 kB 2 05-Dec-2023 05:32 Ben Spink

This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz

This page was created on 05-Dec-2023 05:32 by krivacsz

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
!!Enterprise Licenses Only
\\
!!! Constraints: It requires Enterprise License.\\
\\
__OTP / MFA / 2FA settings:__\\
\\
This settings allows you to configure __Two Factor__ authentication.\\
This feature also supports software-based authenticator applications such as __Google Authenticator__ and __Microsoft Authenticator__. For more information, see the [Authenticator Link|Authenticator]\\
\\
OTP's are primarily intended for web interface logins. Variants like __Google Authenticator (TOTP)__ would be straight meaningless for __FTP__, __SFTP__, since it's impossible enroll anyways.\\
\\
A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default:\\
\\
{{{
<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>
}}}\\
\\
You can customize the OTP token length by going to __Shares__ ([Manage Shares Link|Manage Shares])__ -> General Settings__, and adjusting the value in the __Length of auto-generated username and password__ input field.\\
\\
[OTP Settings/otp_token_length_config.png]\\
\\
----
!1. Ensure that Validated Logins is enabled to allow two-factor authentication\\
\\
[OTP Settings/otp_validate_logins.png]\\
\\
__[DMZ|DMZ]__ - Main node scenario: on __Preferences -> General Settings -> OTP section__ the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.\\
----
!2. Supported OTP Methods\\
!2.1 SMS OTP Configuration\\
At line 3 changed one line
OTP settings\\
- You must have a twilio account.
Using Twilio: [Twilio Link|https://www.twilio.com/]
----
__⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\
----
The __ACCOUNT SID__ as __Username__ and __AUTH TOKEN__ as __Password__:\\
[OTP Settings/twilio3.png]
At line 5 changed one line
This settings allows you to configure two factor authentication. Before two factor authentication will even be considered, you must set the flag "otp_validated_logins" in your prefs.XML file to true.\\
URL:
{{{
https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json
}}}\\
At line 7 changed one line
!1. SMS based:
API post :
{{{
At line 9 changed 2 lines
Using Twilio: https://www.twilio.com/
You must have a twilio account.
To={otp_to}&From={otp_from}&Body={otp_token}
}}}\\
At line 12 changed 2 lines
The ACCOUNT SID as username and AUTH TOKEN as password:\\
[twilio3.png]
Provide your twilio phone number.\\
At line 15 changed one line
Url : https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json\\
[OTP Settings/otp_sms.png]\\
At line 17 changed one line
Provide your twilio phone number. Checking the "Validated Logins?" will enable to use otp in user login.\\
__⚠️ Important__: The configuration will apply only to users who have a phone number (Go to [User Manager] -> Select the user).\\
At line 19 changed one line
[otp_sms.png]\\
[OTP Settings/otp_user_settings_phone.png]\\
At line 21 changed one line
The config will be used only for users which have a phone number and the "Two factor SMS authentication" flag enabled in the User Manager.\\
!2.2 Email OTP Configuration\\
At line 23 changed one line
[otp_user_settings.png]\\
Email usage requires an __SMTP Server__ configured in the __Preferences -> General Settings__ (See at [General Settings]). __Note:__ Make sure your SMTP server is properly configured and functioning.\\
At line 25 changed 3 lines
!2. Email based:
Email usage requires a SMTP server configured in the Preferences, General Settings area.\\
__URL:__ SMTP \\
__⚠️ Important__ Just those 4 uppercase letters, nothing else.\\
At line 29 changed 2 lines
Url : SMTP \\
(Just those 4 uppercase letters, nothing else.)
[OTP Settings/otp_email.png]\\
At line 32 changed one line
[otp_email.png]\\
This configuration applies only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the [User Manager].\\
At line 34 changed 3 lines
The config will be used only for users which have an email and the "Two factor SMS authentication" flag enabled in the User Manager.\\
The email can be customized by creating an email template: "Two Factor Auth"\\
This step is required.
The email can be customized by creating an __Email Template__ (More info at [Email Templates]): __Two Factor Auth__\\
At line 40 changed one line
Variable for the one time password : {auth_token}\\
__⚠️ Important__: Variable for the One Time Password:\\
{{{
{auth_token}
}}}\\
\\
You can personalize the __OTP Email Content__ for individual users by creating an __Extra Text Reference__ on the user account. Then, insert that reference into the email template to customize the message per user.\\
\\
[OTP Settings/otp_user_extra_text_ref.png]\\
\\
Like :
{{{
{user_x_otp_email_body}
}}}\\
\\
[OTP Settings/otp_email_template2.png]\\
\\
----
!3. Configuring OTP Settings for Users\\
\\
To enable OTP for a user (Go to [User Manager] -> Select the user, or choose the __default__ user to apply the settings to all users), check the __Two-factor OTP/SMS authentication__ setting in the user configuration.\\
\\
Make sure the required __protocol__ is enabled.\\
\\
__(Optional)__ You can also configure the OTP to remain valid for multiple days.\\
\\
[OTP Settings/otp_user_settings.png]\\
Version Date Modified Size Author Changes ... Change note
126 09-Jun-2025 03:25 3.945 kB krivacsz to previous
125 23-May-2025 02:33 3.931 kB krivacsz to previous | to last
124 23-May-2025 02:32 3.927 kB krivacsz to previous | to last
123 23-May-2025 02:32 3.922 kB krivacsz to previous | to last
122 23-May-2025 02:30 3.886 kB krivacsz to previous | to last
121 23-May-2025 02:29 4.064 kB krivacsz to previous | to last
« This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
Authenticator
CrushOAuth
CrushOIDC
Enterprise License Enhancements
LeftMenu

JSPWiki