Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

To improve login security, Abiquo supports two-factor authentication for the UI . 

When you enable the Abiquo OpenID Connect integration, Abiquo disables two-factor authentication.

Configure 2FA for the platform

Basic requirements of 2FA:

Requirements for integrations:

Requirements for events and event streaming:

To configure 2FA, customize properties and files

  1. Log in to the Abiquo API Server

  2. Go to /opt/abiquo/config and edit the abiquo.properties file. For full details about any Abiquo property see Abiquo configuration properties

  3. For Google Authenticator, set the property with the name of the issuer of authentication codes.

    abiquo.2fa.issuer=Abiquo
  4. For email, configure the mail server with server.mail properties, including the sender with the from property. You can also set custom properties by replacing {javax mail property}with a property name.

    abiquo.server.mail.from=  
    abiquo.server.mail.password=none  
    abiquo.server.mail.port=25
    abiquo.server.mail.server=127.0.0.1  
    abiquo.server.mail.ssl=false
    abiquo.server.mail.tls=false
    abiquo.server.mail.user=none@none.es
    abiquo.server.mail.extra.{javax mail property}=  
  5. Optionally, change the length of time in seconds that the email codes will be valid for

     abiquo.2fa.email.timestep=60 
  6. For email authentication, you can customize the email message. See Customize email and SMS messages


Enable 2FA for the platform

To enable two-factor authentication for the platform:

  1. Go to Configuration → Security

  2. Edit the options and select Enable two factor authentication

Enable 2FA in Configuration view

Require 2FA for a tenant

To configure a tenant so that all the users must work with two-factor authentication:

  1. Go to Users

  2. Edit an enterprise and go to General

  3. Select the checkbox to Require two-factor authentication for all users in the enterprise

  4. Click Save

Select a checkbox to require two-factor authentication for a tenant

2FA for users

When two-factor authentication is required, the user must enable it from the user icon menu.

If two-factor authentication is not required, the user can enable it for their own account from the user icon menu.

To remove the Two factor authentication option from the user icon menu, edit the client-config-custom.json file, and set the following property:

client.2fa.activated=false

For more details, see Configure Abiquo UI.

For details of how the user must enable 2FA, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370224/Starting+Abiquo+for+the+first+time#Use-two-factor-authentication.

User icon menu with 2FA option


Manage two factor authentication via the API

To require 2fa mandatory for a tenant, edit the enterprise and set the value of the twoFactorAuthenticationMandatory attribute to true.

To enable or disable 2fa for a user, post the authentication method to the action link of the user.


  • No labels