View Attach (13) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 otp_email.png 53.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template.png 66.4 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template2.png 56.3 kB 1 12-May-2025 04:52 krivacsz
jpg
 otp_general.jpg 166.9 kB 1 05-Dec-2023 05:32 Ada Csaba
png
 otp_sms.png 89.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_token_length_config.png 58.9 kB 1 23-May-2025 02:26 krivacsz
png
 otp_user_extra_text_ref.png 32.5 kB 1 12-May-2025 04:49 krivacsz
png
 otp_user_settings.png 37.7 kB 4 12-May-2025 05:34 krivacsz
png
 otp_user_settings_phone.png 15.7 kB 1 12-May-2025 05:25 krivacsz
png
 otp_validate_logins.png 70.0 kB 1 12-May-2025 04:12 krivacsz
png
 twilio.png 179.8 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio2.png 77.5 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio3.png 24.1 kB 2 05-Dec-2023 05:32 Ben Spink

This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz

This page was created on 05-Dec-2023 05:32 by krivacsz

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 removed 3 lines
!!Enterprise Licenses Only
OTP settings\\
At line 5 changed one line
This settings allows you to configure two factor authentication. Before two factor authentication will even be considered, you must set the flag "otp_validated_logins" in your prefs.XML file to true.\\
!!! Constraints: It requires Enterprise License.\\
At line 7 changed one line
!1. SMS based:
__OTP / MFA / 2FA settings:__\\
\\
This settings allows you to configure __Two Factor__ authentication.\\
This feature also supports software-based authenticator applications such as __Google Authenticator__ and __Microsoft Authenticator__. For more information, see the [Authenticator Link|Authenticator]\\
\\
OTP's are primarily intended for web interface logins. Variants like __Google Authenticator (TOTP)__ would be straight meaningless for __FTP__, __SFTP__, since it's impossible enroll anyways.\\
\\
A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default:\\
\\
{{{
<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>
}}}\\
\\
You can customize the OTP token length by going to __Shares__ ([Manage Shares Link|Manage Shares])__ -> General Settings__, and adjusting the value in the __Length of auto-generated username and password__ input field.\\
\\
[OTP Settings/otp_token_length_config.png]\\
\\
----
!1. Ensure that Validated Logins is enabled to allow two-factor authentication\\
\\
[OTP Settings/otp_validate_logins.png]\\
\\
__[DMZ|DMZ]__ - Main node scenario: on __Preferences -> General Settings -> OTP section__ the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.\\
----
!2. Supported OTP Methods\\
!2.1 SMS OTP Configuration\\
At line 10 changed 2 lines
Using Twilio: https://www.twilio.com/
Using Twilio: [Twilio Link|https://www.twilio.com/]
----
__⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\
----
The __ACCOUNT SID__ as __Username__ and __AUTH TOKEN__ as __Password__:\\
[OTP Settings/twilio3.png]
At line 13 changed 4 lines
The ACCOUNT SID as username and AUTH TOKEN as password:\\
[twilio3.png]
\\
Url :
URL:
At line 41 added one line
At line 43 added one line
At line 48 added one line
At line 50 added one line
At line 26 changed one line
Provide your twilio phone number. Checking the "Validated Logins?" will enable to use otp in user login.\\
Provide your twilio phone number.\\
At line 28 changed one line
[otp_sms.png]\\
[OTP Settings/otp_sms.png]\\
At line 30 changed one line
The config will be used only for users which have a phone number and the "Two factor SMS authentication" flag enabled in the User Manager.\\
__⚠️ Important__: The configuration will apply only to users who have a phone number (Go to [User Manager] -> Select the user).\\
At line 32 changed one line
[otp_user_settings.png]\\
[OTP Settings/otp_user_settings_phone.png]\\
At line 34 changed 3 lines
!2. Email based:
Email usage requires a SMTP server configured in the Preferences, General Settings area.\\
!2.2 Email OTP Configuration\\
At line 38 changed 2 lines
Url : SMTP \\
(Just those 4 uppercase letters, nothing else.)
Email usage requires an __SMTP Server__ configured in the __Preferences -> General Settings__ (See at [General Settings]). __Note:__ Make sure your SMTP server is properly configured and functioning.\\
At line 41 changed one line
[otp_email.png]\\
__URL:__ SMTP \\
__⚠️ Important__ Just those 4 uppercase letters, nothing else.\\
At line 43 changed 3 lines
The config will be used only for users which have an email and the "Two factor SMS authentication" flag enabled in the User Manager.\\
The email can be customized by creating an email template: "Two Factor Auth"\\
This step is required.
[OTP Settings/otp_email.png]\\
At line 70 added 4 lines
This configuration applies only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the [User Manager].\\
\\
The email can be customized by creating an __Email Template__ (More info at [Email Templates]): __Two Factor Auth__\\
\\
At line 49 changed one line
Variable for the one time password : {auth_token}\\
__⚠️ Important__: Variable for the One Time Password:\\
{{{
{auth_token}
}}}\\
\\
You can personalize the __OTP Email Content__ for individual users by creating an __Extra Text Reference__ on the user account. Then, insert that reference into the email template to customize the message per user.\\
\\
[OTP Settings/otp_user_extra_text_ref.png]\\
\\
Like :
{{{
{user_x_otp_email_body}
}}}\\
\\
[OTP Settings/otp_email_template2.png]\\
\\
----
!3. Configuring OTP Settings for Users\\
\\
To enable OTP for a user (Go to [User Manager] -> Select the user, or choose the __default__ user to apply the settings to all users), check the __Two-factor OTP/SMS authentication__ setting in the user configuration.\\
\\
Make sure the required __protocol__ is enabled.\\
\\
__(Optional)__ You can also configure the OTP to remain valid for multiple days.\\
\\
[OTP Settings/otp_user_settings.png]\\
Version Date Modified Size Author Changes ... Change note
126 09-Jun-2025 03:25 3.945 kB krivacsz to previous
125 23-May-2025 02:33 3.931 kB krivacsz to previous | to last
124 23-May-2025 02:32 3.927 kB krivacsz to previous | to last
123 23-May-2025 02:32 3.922 kB krivacsz to previous | to last
122 23-May-2025 02:30 3.886 kB krivacsz to previous | to last
121 23-May-2025 02:29 4.064 kB krivacsz to previous | to last
« This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
Authenticator
CrushOAuth
CrushOIDC
Enterprise License Enhancements
LeftMenu

JSPWiki