| At line 1 removed 3 lines |
| !!Enterprise Licenses Only |
|
| OTP settings\\ |
| At line 5 changed one line |
| This settings allows you to configure two factor authentication. Before two factor authentication will even be considered, you must set the flag "otp_validated_logins" in your prefs.XML file to true.\\ |
| !!! Constraints: It requires Enterprise License.\\ |
| At line 7 changed one line |
| !1. SMS based: |
| __OTP / MFA / 2FA settings:__\\ |
| \\ |
| This settings allows you to configure __Two Factor__ authentication.\\ |
| This feature also supports software-based authenticator applications such as __Google Authenticator__ and __Microsoft Authenticator__. For more information, see the [Authenticator Link|Authenticator]\\ |
| \\ |
| OTP's are primarily intended for web interface logins. Variants like __Google Authenticator (TOTP)__ would be straight meaningless for __FTP__, __SFTP__, since it's impossible enroll anyways.\\ |
| \\ |
| A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default:\\ |
| \\ |
| {{{ |
| <twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols> |
| }}}\\ |
| \\ |
| You can customize the OTP token length by going to __Shares__ ([Manage Shares Link|Manage Shares])__ -> General Settings__, and adjusting the value in the __Length of auto-generated username and password__ input field.\\ |
| \\ |
| [OTP Settings/otp_token_length_config.png]\\ |
| \\ |
| ---- |
| !1. Ensure that Validated Logins is enabled to allow two-factor authentication\\ |
| \\ |
| [OTP Settings/otp_validate_logins.png]\\ |
| \\ |
| __[DMZ|DMZ]__ - Main node scenario: on __Preferences -> General Settings -> OTP section__ the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.\\ |
| ---- |
| !2. Supported OTP Methods\\ |
| !2.1 SMS OTP Configuration\\ |
| At line 10 changed one line |
| Using Twilio: https://www.twilio.com/ |
| Using Twilio: [Twilio Link|https://www.twilio.com/] |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\ |
| ---- |
| The __ACCOUNT SID__ as __Username__ and __AUTH TOKEN__ as __Password__:\\ |
| [OTP Settings/twilio3.png] |
| \\ |
| URL: |
| {{{ |
| At line 42 added 3 lines |
| https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json |
|
| }}}\\ |
| At line 13 changed 2 lines |
| The ACCOUNT SID as username and AUTH TOKEN as password:\\ |
| [twilio3.png] |
| API post : |
| {{{ |
|
| To={otp_to}&From={otp_from}&Body={otp_token} |
|
| }}}\\ |
| At line 16 changed one line |
| Url : https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json\\ |
| Provide your twilio phone number.\\ |
| At line 18 changed one line |
| Provide your twilio phone number. Checking the "Validated Logins?" will enable to use otp in user login.\\ |
| [OTP Settings/otp_sms.png]\\ |
| At line 20 changed one line |
| [otp_sms.png]\\ |
| __⚠️ Important__: The configuration will apply only to users who have a phone number (Go to [User Manager] -> Select the user).\\ |
| At line 22 changed one line |
| The config will be used only for users which have a phone number and the "Two factor SMS authentication" flag enabled in the User Manager.\\ |
| [OTP Settings/otp_user_settings_phone.png]\\ |
| At line 24 changed one line |
| [otp_user_settings.png]\\ |
| !2.2 Email OTP Configuration\\ |
| At line 26 changed 4 lines |
| Api post : |
| {{{ |
| To={otp_to}&From={otp_from}&Body={otp_token} |
| }}} |
| Email usage requires an __SMTP Server__ configured in the __Preferences -> General Settings__ (See at [General Settings]). __Note:__ Make sure your SMTP server is properly configured and functioning.\\ |
| At line 31 changed 3 lines |
| !2. Email based: |
|
| Email usage requires a SMTP server configured in the Preferences, General Settings area.\\ |
| __URL:__ SMTP \\ |
| __⚠️ Important__ Just those 4 uppercase letters, nothing else.\\ |
| At line 35 changed 2 lines |
| Url : SMTP \\ |
| (Just those 4 uppercase letters, nothing else.) |
| [OTP Settings/otp_email.png]\\ |
| At line 38 changed one line |
| [otp_email.png]\\ |
| This configuration applies only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the [User Manager].\\ |
| At line 40 changed 3 lines |
| The config will be used only for users which have an email and the "Two factor SMS authentication" flag enabled in the User Manager.\\ |
| The email can be customized by creating an email template: "Two Factor Auth"\\ |
| This step is required. |
| The email can be customized by creating an __Email Template__ (More info at [Email Templates]): __Two Factor Auth__\\ |
| At line 46 changed one line |
| Variable for the one time password : {auth_token}\\ |
| __⚠️ Important__: Variable for the One Time Password:\\ |
| {{{ |
| {auth_token} |
| }}}\\ |
| \\ |
| You can personalize the __OTP Email Content__ for individual users by creating an __Extra Text Reference__ on the user account. Then, insert that reference into the email template to customize the message per user.\\ |
| \\ |
| [OTP Settings/otp_user_extra_text_ref.png]\\ |
| \\ |
| Like : |
| {{{ |
| {user_x_otp_email_body} |
| }}}\\ |
| \\ |
| [OTP Settings/otp_email_template2.png]\\ |
| \\ |
| ---- |
| !3. Configuring OTP Settings for Users\\ |
| \\ |
| To enable OTP for a user (Go to [User Manager] -> Select the user, or choose the __default__ user to apply the settings to all users), check the __Two-factor OTP/SMS authentication__ setting in the user configuration.\\ |
| \\ |
| Make sure the required __protocol__ is enabled.\\ |
| \\ |
| __(Optional)__ You can also configure the OTP to remain valid for multiple days.\\ |
| \\ |
| [OTP Settings/otp_user_settings.png]\\ |
