Page Comparison

Basic requirements of 2FA:

• Synchronize system times because two-factor codes are dependent on the system time

• The Appliance manager must use HTTPS. See Configure Abiquo Tomcat with HTTPS for Remote RS

To adapt integrations and events:

• For each enterprise that requires 2FA, migrate automation and integrations to OAuth.
  See Authentication#OAuthv1.0VersionAAuthentication.
  To implement two-factor authentication for a portal, see Authentication

• For events and event streaming, if the M-user belongs to a tenant that must use 2FA, configure the M-user to use OAuth.
  Enter the OAuth credentials in the Abiquo properties file. See Abiquo configuration properties and search for “m”.
  See Authentication#OAuthv1.0VersionAAuthentication. 

To configure 2fa, customize properties and files on the Abiquo API server as required.
For more details, see Abiquo configuration properties

1. Configure Google Authenticator with a property to set the name of the issuer of authentication codes.

   Code Block
   abiquo.2fa.issuer=Abiquo

2. Configure the mail server with server.mail properties, including the sender with the from property.

   Code Block
   abiquo.server.mail.from= abiquo.server.mail.password=none abiquo.server.mail.port=25 abiquo.server.mail.server=127.0.0.1 abiquo.server.mail.ssl=false abiquo.server.mail.tls=false abiquo.server.mail.user=none@none.es abiquo.server.mail.extra.{javax mail property}=

3. Optionally, change the length of time in seconds that the email codes will be valid for

   Code Block
   abiquo.2fa.email.timestep=60

4. For email authentication, you can customize the email message. See Customize email and SMS messages

Enable 2FA for the platform

To enable 2fa for the platform:

1. Go to Configuration → Security

2. Edit the options and select Enable two factor authentication

Image Removed

Image Added

Require 2FA for a tenant

To require 2fa for a tenant:

1. Go to Users → edit Enterprise → General

2. Select the checkbox to Require two-factor authentication for all users in the enterprise

Image Removed

Image Added

2FA for users

When two factor authentication is required, the user must enable it from the user icon menu.

If two-factor authentication is not required, the user can enable it for their own account from the user icon menu.

To remove the Two factor authentication option from the user icon menu, edit the client-config-custom.json file, and set the following property:

client.2fa.activated=false

For more details, see Configure Abiquo UI.

For details of how the user must enable 2FA, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370224/Starting+Abiquo+for+the+first+time#Use-two-factor-authentication.

Manage two factor authentication via the API

To require 2fa mandatory for a tenant, edit the enterprise and set the value of the twoFactorAuthenticationMandatory attribute to true.

To enable or disable 2fa for a user, post the authentication method to the action link of the user.