Abiquo supports two-factor authentication for the user interface to improve login security.
User | Configuration steps |
---|---|
Systems administrator | Configure 2FA on the platform, including Abiquo Configuration properties. See below |
Cloud administrator | Enable 2FA and define if 2FA is mandatory for users. See below |
User | Optionally, enable 2FA if it is available on the platform. |
When you enable the Abiquo OpenID Connect integration, Abiquo disables two-factor authentication.
Configure 2FA on the platform
To configure 2FA authentication system do these steps:Synchronize system times because two-factor codes are dependent on the system time
For a multi-datacenter configuration, configure Appliance manager for template upload and download.
The Appliance manage must use HTTPS. See Configure Abiquo Tomcat with HTTPS for Remote RSFor each enterprise that requires 2FA, migrate automation and integrations to OAuth, see Authentication#OAuthv1.0VersionAAuthentication.
To implement two-factor authentication for a portal, see AuthenticationFor events and event streaming, if the M-user belongs to a tenant that must use 2FA, configure the M-user to use OAuth.
Enter the OAuth credentials in the Abiquo properties file. See Abiquo configuration properties and search for “m”.
See Authentication#OAuthv1.0VersionAAuthentication.Configure Google Authenticator properties. Set the name of the issuer of authentication codes. See Abiquo configuration properties and search for “2fa”.
Configure email authentication properties:
Set the email server configuration, including the sender with the "from" property. See Abiquo configuration properties and search for “server”.
Set the length of time that the email codes will be valid for. See Abiquo configuration properties and search for “2fa”.
For email authentication, you can edit the email message. See Configure custom platform messages
Troubleshooting two-factor authentication
Check server date and time synchronization as part of the user issue troubleshooting process.
Enable 2FA for the platform
To enable 2fa for the platform:
Go to Configuration → Security
Edit the options and select Enable two factor authentication
Require 2FA for a tenant
To require 2fa for a tenant:
Go to Users → edit Enterprise → General
Select the checkbox to Require two-factor authentication for all users in the enterprise
When two factor authentication is required, the user must enable it from the user icon menu.
If two-factor authentication is not required, the user may optionally enable it for their own account from the user icon menu.
To disable the display of the two factor authentication item in the user icon menu, the administrator can set the client.2fa.activated property to false in the UI configuration.
See Configure Abiquo UI .
For details of how the user must enable 2FA, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370224/Starting+Abiquo+for+the+first+time#Use-two-factor-authentication.
Manage two factor authentication via the API
To require 2fa mandatory for a tenant, edit the enterprise and set the value of the twoFactorAuthenticationMandatory attribute to true.
To enable or disable 2fa for a user, post the authentication method to the action link of the user.