View Attach (13) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 otp_email.png 53.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template.png 66.4 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_email_template2.png 56.3 kB 1 12-May-2025 04:52 krivacsz
jpg
 otp_general.jpg 166.9 kB 1 05-Dec-2023 05:32 Ada Csaba
png
 otp_sms.png 89.8 kB 2 05-Dec-2023 05:32 Ben Spink
png
 otp_token_length_config.png 58.9 kB 1 23-May-2025 02:26 krivacsz
png
 otp_user_extra_text_ref.png 32.5 kB 1 12-May-2025 04:49 krivacsz
png
 otp_user_settings.png 37.7 kB 4 12-May-2025 05:34 krivacsz
png
 otp_user_settings_phone.png 15.7 kB 1 12-May-2025 05:25 krivacsz
png
 otp_validate_logins.png 70.0 kB 1 12-May-2025 04:12 krivacsz
png
 twilio.png 179.8 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio2.png 77.5 kB 1 05-Dec-2023 05:32 krivacsz
png
 twilio3.png 24.1 kB 2 05-Dec-2023 05:32 Ben Spink

This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz

This page was created on 05-Dec-2023 05:32 by krivacsz

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 8 removed one line
----
At line 10 changed one line
!1. Ensure that Validated Logins is enabled to allow two-factor authentication.\\
OTP's are primarily intended for web interface logins. Variants like __Google Authenticator (TOTP)__ would be straight meaningless for __FTP__, __SFTP__, since it's impossible enroll anyways.\\
\\
A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default:\\
At line 12 changed one line
[OTP Settings/otp_validate_logins.png]\\
{{{
<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>
}}}\\
At line 14 changed one line
__[DMZ|DMZ]__ - Main node scenario: on Preferences -> General Settings -> OTP section the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.
You can customize the OTP token length by going to __Shares__ ([Manage Shares Link|Manage Shares])__ -> General Settings__, and adjusting the value in the __Length of auto-generated username and password__ input field.\\
At line 19 added 2 lines
[OTP Settings/otp_token_length_config.png]\\
\\
At line 22 added one line
!1. Ensure that Validated Logins is enabled to allow two-factor authentication\\
At line 18 changed one line
!2. SMS based:
[OTP Settings/otp_validate_logins.png]\\
\\
__[DMZ|DMZ]__ - Main node scenario: on __Preferences -> General Settings -> OTP section__ the __Validated Logins__ option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.\\
----
!2. Supported OTP Methods\\
!2.1 SMS OTP Configuration\\
At line 22 changed 4 lines
\\
__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\
\\
The ACCOUNT SID as username and AUTH TOKEN as password:\\
----
__⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domain: __api.twilio.com__\\
----
The __ACCOUNT SID__ as __Username__ and __AUTH TOKEN__ as __Password__:\\
At line 28 changed one line
URL :
URL:
At line 41 added one line
At line 43 added one line
At line 48 added one line
At line 50 added one line
At line 42 changed one line
The config will be used only for users which have a phone number and the "Two factor SMS authentication" flag enabled in the User Manager.\\
__⚠️ Important__: The configuration will apply only to users who have a phone number (Go to [User Manager] -> Select the user).\\
At line 44 changed one line
[otp_user_settings.png]\\
[OTP Settings/otp_user_settings_phone.png]\\
At line 46 changed 5 lines
----
\\
!3. Email based:
Email usage requires an __SMTP Server__ configured in the Preferences -> General Settings ( See at [General Settings])\\
!2.2 Email OTP Configuration\\
At line 52 changed 2 lines
Url : SMTP \\
(Just those 4 uppercase letters, nothing else.)
Email usage requires an __SMTP Server__ configured in the __Preferences -> General Settings__ (See at [General Settings]). __Note:__ Make sure your SMTP server is properly configured and functioning.\\
At line 65 added 3 lines
__URL:__ SMTP \\
__⚠️ Important__ Just those 4 uppercase letters, nothing else.\\
\\
At line 57 changed 2 lines
The configuration will apply only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the User Manager.\\
The email can be customized by creating an email template: __Two Factor Auth__\\
This configuration applies only to users who have an email address and have the __Two-factor OTP/SMS authentication__ flag enabled in the [User Manager].\\
At line 72 added 2 lines
The email can be customized by creating an __Email Template__ (More info at [Email Templates]): __Two Factor Auth__\\
\\
At line 62 changed one line
Variable for the one time password : {auth_token}\\
__⚠️ Important__: Variable for the One Time Password:\\
{{{
{auth_token}
}}}\\
At line 64 changed 2 lines
OTP's mainly for Webinterface logins, variants like Google Authenticator TOPT would be straight meaningless for FTP, SFTP, since it's impossible enroll anyways.
A hidden flag in __prefs.XML__ controls for which protocols OTP should be enabled by default
You can personalize the __OTP Email Content__ for individual users by creating an __Extra Text Reference__ on the user account. Then, insert that reference into the email template to customize the message per user.\\
\\
[OTP Settings/otp_user_extra_text_ref.png]\\
\\
Like :
At line 67 changed 2 lines
<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>
}}}
{user_x_otp_email_body}
}}}\\
At line 90 added 12 lines
[OTP Settings/otp_email_template2.png]\\
\\
----
!3. Configuring OTP Settings for Users\\
\\
To enable OTP for a user (Go to [User Manager] -> Select the user, or choose the __default__ user to apply the settings to all users), check the __Two-factor OTP/SMS authentication__ setting in the user configuration.\\
\\
Make sure the required __protocol__ is enabled.\\
\\
__(Optional)__ You can also configure the OTP to remain valid for multiple days.\\
\\
[OTP Settings/otp_user_settings.png]\\
Version Date Modified Size Author Changes ... Change note
126 09-Jun-2025 03:25 3.945 kB krivacsz to previous
125 23-May-2025 02:33 3.931 kB krivacsz to previous | to last
124 23-May-2025 02:32 3.927 kB krivacsz to previous | to last
123 23-May-2025 02:32 3.922 kB krivacsz to previous | to last
122 23-May-2025 02:30 3.886 kB krivacsz to previous | to last
121 23-May-2025 02:29 4.064 kB krivacsz to previous | to last
« This page (revision-126) was last changed on 09-Jun-2025 03:25 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
Authenticator
CrushOAuth
CrushOIDC
Enterprise License Enhancements
LeftMenu

JSPWiki