This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Constraints: It requires Enterprise License.
#

OTP / MFA / 2FA settings:

This settings allows you to configure Two Factor authentication.
This feature also supports software-based authenticator applications such as Google Authenticator and Microsoft Authenticator. For more information, see the Authenticator Link

OTP's are primarily intended for web interface logins. Variants like Google Authenticator (TOTP) would be straight meaningless for FTP, SFTP, since it's impossible enroll anyways.

A hidden flag in prefs.XML controls for which protocols OTP should be enabled by default:

<twofactor_secret_auto_otp_enable_protocols>ftp,ftps,sftp,http,https,webdav</twofactor_secret_auto_otp_enable_protocols>

---

1. Ensure that Validated Logins is enabled to allow two-factor authentication
#

DMZ - Main node scenario: on Preferences -> General Settings -> OTP section the Validated Logins option must be enabled on the DMZ node, so the DMZ gives the two-factor authentication to the Main node.

---

2. OTP Configuration for Users
#

To enable OTP for a user (Go to User Manager -> Select the user, or choose the default user to apply the settings to all users), check the Two-factor OTP/SMS authentication setting in the user configuration.
Make sure the required protocol is enabled.

---

3. SMS based
#

- You must have a twilio account. Using Twilio: Twilio Link
!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domain: api.twilio.com

The ACCOUNT SID as Username and AUTH TOKEN as Password:

URL :

https://{otp_username}:{otp_password}@api.twilio.com/2010-04-01/Accounts/{otp_username}/Messages.json

API post :

To={otp_to}&From={otp_from}&Body={otp_token}

Provide your twilio phone number.



Note: The configuration will apply only to users who have a phone number (Go to User Manager -> Select the user).

---

4. Email based
#

Email usage requires an SMTP Server configured in the Preferences -> General Settings ( See at General Settings)

URL : SMTP
!!!Note: Just those 4 uppercase letters, nothing else.



This configuration applies only to users who have an email address and have the Two-factor OTP/SMS authentication flag enabled in the User Manager.

The email can be customized by creating an Email Template (More info at Email Templates): Two Factor Auth



Note: Variable for the One Time Password:

{auth_token}

You can personalize the OTP Email Content for individual users by creating an Extra Text Reference on the user account. Then, insert that reference into the email template to customize the message per user.



Like :

{user_x_otp_email_body}