Page Comparison

...

To improve login security, Abiquo supports two-factor authentication for the UI . with basic authentication.

Abiquo can send an authentication code:

via email
using Google Authenticator

The steps to use 2FA are:

Configure the authentication options in the platform
Activate 2FA for the platform
If 2FA must be used in an enterprise, edit the enterprise and select the required option
Users activate 2FA for their accounts.
1. This is optional if 2FA is not mandatory for their enterprise

Tip
When you enable the Abiquo OpenID Connect integration, Abiquo disables two-factor authentication.

Configure 2FA for the platform

For more details, see Configure Abiquo UI.

For details of how the user must enable 2FA, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370224/Starting+Abiquo+for+the+first+time#Use-two-factor-authentication.

Image Removed

User icon menu with 2FA option Image Added

Remove the option for users to enable 2fa

By default, the option to enable 2fa appears in the user icon menu. To remove the Two factor authentication option, edit the client-config-custom.json file, and set the following property:

Excerpt

Basic requirements of 2FA:

Synchronize system times because two-factor codes are dependent on the system time
Configure the Appliance manager to use HTTPS
- See Configure Abiquo Tomcat with HTTPS for Remote RS

Requirements for integrations:

For each enterprise that uses 2FA, migrate automation and integrations to OAuth. See Authentication#OAuthv1.0VersionAAuthentication.
To implement two-factor authentication for a portal, see Authentication

Requirements for events and event streaming:

if the M-user belongs to a tenant that must use 2FA, configure the M-user to use OAuth.
Enter the OAuth credentials in the Abiquo properties file. See Abiquo configuration properties and search for .m. See Authentication#OAuthv1.0VersionAAuthentication.

For integration and events requirements, see below.

To configure 2FA, customize properties and files, and enable it on the platform:

Log in to the Abiquo API Server
Go to /opt/abiquo/config and edit the abiquo.properties file. For full details about any Abiquo property see Abiquo configuration properties
For Google Authenticator,
1. set the property with the name of the issuer of authentication codes.
  Code Block
  abiquo.2fa.issuer=Abiquo

For email, :

configure the mail server with server.mail properties, including the sender with the from property. You can also set custom properties by replacing {javax mail property}with a property name.

Code Block

abiquo.server.mail.from=  
abiquo.server.mail.password=none  
abiquo.server.mail.port=25
abiquo.server.mail.server=127.0.0.1  
abiquo.server.mail.ssl=false
abiquo.server.mail.tls=false
abiquo.server.mail.user=none@none.es
abiquo.server.mail.extra.{javax mail property}=

Optionally, change the length of time in seconds that the email codes will be valid for
Code Block
abiquo.2fa.email.timestep=60

For email authentication, you can

To customize the email message

. See Customize email and SMS messages

Enable 2FA for the platform

To

1. , see Customize emails for two factor authentication
In Abiquo, enable two-factor authentication for the platform:
1. Go to Configuration → Security
2. Edit the options and select Enable two factor authentication

Requirements for integrations:

For each enterprise that uses 2FA, migrate automation and integrations to OAuth. See Authentication#OAuthv1.0VersionAAuthentication.
To implement two-factor authentication for a portal, see Authentication

Requirements for events and event streaming:

if the M-user belongs to a tenant that must use 2FA, configure the M-user to use OAuth.
Enter the OAuth credentials in the Abiquo properties file. See Abiquo configuration properties and search for .m. See Authentication#OAuthv1.0VersionAAuthentication.

Require 2FA for a tenant

To configure a tenant so that all the users must work with two-factor authentication:

Go to Users
Edit an enterprise and go to General
Select the checkbox to Require two-factor authentication for all users in the enterprise
Click Save

Select a checkbox to require two-factor authentication for a tenant

2FA for users

When a user’s enterprise requires two-factor authentication is required, the user must enable it from the user icon menu.

If Even if the enterprise does not require two-factor authentication is not required, the user can enable it for their own account from the user icon menu. To remove the Two factor authentication option from the user icon menu, edit the client-config-custom. json file, and set the following property:

code

client.2fa.activated=false

Code Block
client.2fa.activated=false

For more details, see Configure Abiquo UI.

Manage two factor authentication via the API

To require 2fa mandatory for a tenant, edit the enterprise and set the value of the twoFactorAuthenticationMandatory attribute to true.

To enable or disable 2fa for a user, post the authentication method to the action link of the user.

...

Versions Compared

Old Version 28

New Version Current

Key