Versions Compared

Version Old Version 11 New Version 12
Changes made by

MS

MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Abiquo supports two-factor authentication for the user interface to improve login security. 

...

Excerpt

To configure the authentication system do these steps:

  1. Synchronize system time: two-factor codes are dependent on the system time

  2. For a multi-datacenter configuration, configure Appliance manager for template upload and download as described in Uploading and downloading templates in multi datacenter

  3. For each enterprise that requires 2FA, migrate automation and integrations to OAuth, see Authentication#OAuthv1.0VersionAAuthentication. To implement two-factor authentication for a portal, see Authentication

  4. For events and event streaming, if the M-user belongs to a tenant that must use 2FA, configure the M-user to use OAuth.Enter the OAuth credentials in the Abiquo properties file. See Abiquo Configuration Properties#m. See Authentication#OAuthv1.0VersionAAuthentication

  5. Configure Google Authenticator properties. Set the name of the issuer of authentication codes. See Abiquo Configuration Properties#2fa 

  6. Configure email authentication properties:

    1. Set the email server configuration, including the sender with the "from" property. See Abiquo Configuration Properties#server

    2. Set the length of time that the email codes will be valid for. See Abiquo Configuration Properties#2fa

  7. For email authentication, you can edit the email message. See Configure Email Templates

Troubleshooting two-factor authentication

  • Check server date and time synchronization as part of the user issue troubleshooting process.

Manage two-factor authentication in the Abiquo UI

and API

For the platform, enable two-factor authentication in the Configuration view (or using the API).

Image Removed

When an administrator creates or edits an enterprise, they can mark a checkbox to require two-factor authentication of

To enable 2fa for the platform:

  1. Go to Configuration → Security
  2. Edit the options and select Enable two factor authentication

Image Added

To require 2fa for a tenant:

  1. Go to Users → edit enterprise → General
  2. Select the option to Require two-factor authentication for all users in the enterprise.


If two-factor authentication is not required, the a user can still enable it from the username menu by clicking on the icon or username in the top right-hand corner of the screen and selecting two-factor authentication. Note that you can enable or disable 2fa for your own user only. See Enable two factor authentication

Manage two factor authentication via the API

To require 2fa mandatory for a tenant, edit the enterprise and set the value of the twoFactorAuthenticationMandatory attribute to true.

To enable or disable 2fa for a user, post the authentication method to the action link of the user.

...