| At line 1 removed 3 lines |
| !!Enterprise Licenses Only |
|
| OTP / MFA / 2FA settings\\ |
| At line 2 added 4 lines |
| !!! Constraints: It requires Enterprise License.\\ |
| \\ |
| __OTP / MFA / 2FA settings:__\\ |
| \\ |
| At line 6 changed one line |
| Feature with Authenticator software-based token device (__Google Authenticator__ and __Microsoft Authenticator__) see at [Authenticator Link|Authenticator]\\ |
| This feature also supports software-based authenticator applications such as __Google Authenticator__ and __Microsoft Authenticator__. For more information, see the [Authenticator Link|Authenticator]\\ |
| At line 8 changed one line |
| !1. Ensure that “Validated Logins?” is enabled to allow two-factor authentication.\\ |
| OTP's are primarily intended for web interface logins. Variants like __Google Authenticator (TOTP)__ would be straight meaningless for __FTP__, __SFTP__, since it's impossible enroll anyways.\\ |
| \\ |
| A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default:\\ |
| At line 10 changed one line |
| [OTP Settings/otp_validate_logins.png] |
| {{{ |
| <twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols> |
| }}}\\ |
| At line 12 changed one line |
| !2. SMS based: |
| You can customize the OTP token length by going to __Shares__ ([Manage Shares Link|Manage Shares])__ -> General Settings__, and adjusting the value in the __Length of auto-generated username and password__ input field.\\ |
| \\ |
| [OTP Settings/otp_token_length_config.png]\\ |
| \\ |
| ---- |
| !1. Ensure that Validated Logins is enabled to allow two-factor authentication\\ |
| \\ |
| [OTP Settings/otp_validate_logins.png]\\ |
| \\ |
| __[DMZ|DMZ]__ - Main node scenario: on __Preferences -> General Settings -> OTP section__ the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.\\ |
| ---- |
| !2. Supported OTP Methods\\ |
| !2.1 SMS OTP Configuration\\ |
| At line 15 changed 4 lines |
| Using Twilio: https://www.twilio.com/ |
|
| \\ |
| The ACCOUNT SID as username and AUTH TOKEN as password:\\ |
| Using Twilio: [Twilio Link|https://www.twilio.com/] |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\ |
| ---- |
| The __ACCOUNT SID__ as __Username__ and __AUTH TOKEN__ as __Password__:\\ |
| At line 21 changed one line |
| URL : |
| URL: |
| At line 41 added one line |
|
| At line 43 added one line |
|
| At line 48 added one line |
|
| At line 50 added one line |
|
| At line 35 changed one line |
| The config will be used only for users which have a phone number and the "Two factor SMS authentication" flag enabled in the User Manager.\\ |
| __⚠️ Important__: The configuration will apply only to users who have a phone number (Go to [User Manager] -> Select the user).\\ |
| At line 37 changed one line |
| [otp_user_settings.png]\\ |
| [OTP Settings/otp_user_settings_phone.png]\\ |
| At line 39 changed 3 lines |
| !3. Email based: |
|
| Email usage requires an __SMTP Server__ configured in the Preferences, General Settings area.\\ |
| !2.2 Email OTP Configuration\\ |
| At line 43 changed 2 lines |
| Url : SMTP \\ |
| (Just those 4 uppercase letters, nothing else.) |
| Email usage requires an __SMTP Server__ configured in the __Preferences -> General Settings__ (See at [General Settings]). __Note:__ Make sure your SMTP server is properly configured and functioning.\\ |
| At line 65 added 3 lines |
| __URL:__ SMTP \\ |
| __⚠️ Important__ Just those 4 uppercase letters, nothing else.\\ |
| \\ |
| At line 48 changed 2 lines |
| The configuration will apply only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the User Manager.\\ |
| The email can be customized by creating an email template: __Two Factor Auth__\\ |
| This configuration applies only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the [User Manager].\\ |
| At line 72 added 2 lines |
| The email can be customized by creating an __Email Template__ (More info at [Email Templates]): __Two Factor Auth__\\ |
| \\ |
| At line 53 changed one line |
| Variable for the one time password : {auth_token}\\ |
| __⚠️ Important__: Variable for the One Time Password:\\ |
| {{{ |
| {auth_token} |
| }}}\\ |
| At line 81 added one line |
| You can personalize the __OTP Email Content__ for individual users by creating an __Extra Text Reference__ on the user account. Then, insert that reference into the email template to customize the message per user.\\ |
| At line 56 changed 2 lines |
| OTP's mainly for Webinterface logins, variants like Google Authenticator TOPT would be straight meaningless for FTP, SFTP, since it's impossible enroll anyways. |
| A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default |
| [OTP Settings/otp_user_extra_text_ref.png]\\ |
| \\ |
| Like : |
| At line 59 changed 2 lines |
| <twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols> |
| }}} |
| {user_x_otp_email_body} |
| }}}\\ |
| At line 90 added 12 lines |
| [OTP Settings/otp_email_template2.png]\\ |
| \\ |
| ---- |
| !3. Configuring OTP Settings for Users\\ |
| \\ |
| To enable OTP for a user (Go to [User Manager] -> Select the user, or choose the __default__ user to apply the settings to all users), check the __Two-factor OTP/SMS authentication__ setting in the user configuration.\\ |
| \\ |
| Make sure the required __protocol__ is enabled.\\ |
| \\ |
| __(Optional)__ You can also configure the OTP to remain valid for multiple days.\\ |
| \\ |
| [OTP Settings/otp_user_settings.png]\\ |
