2-Factor Authentication

 [Top]  [Previous]  [Next]  

The 2-Factor authentication page enables the activation of 2-factor authentication, either via a radius server or the time-based one-time password algorithm (OATH-TOTP) according to RFC 6238 (e.g. Google Authenticator):

 

sett_web_2factorauth

 

2-Factor Authentication. 2-factor authentication:

Don’t use. 2-factor authentication is not used for logging on to NetMan Desktop Manager.

use RADIUS server. 2-factor authentication is performed on a radius server. For details on the radius server authentication settings, see “Radius server settings“ in this chapter.

use one-time passwords (RFC 6238). 2-factor authentication is performed using one-time passwords. For details on the one-time password authentication settings, see “Settings for one-time passwords“ in this chapter.

 

Radius server settings

 

sett_web_2factor_radius

 

Text in form field. The text you enter here is used in the login dialog to designate the form field in which the user enters the temporary authentication.

Timeout. Timeout value for the login.

Number of connection attempts. Defines the number of total attempts made if authentication fails on the first try.

Use domain names in login. Always uses the domain name for login in addition to the user name.

 

Under RADIUS server and RADIUS server (backup) you define the RADIUS servers used for authentication:

Server name. Name of the RADIUS server.

Port. The port on the RADIUS server.

Secret key. Enter the secret key used by the authentication services for data encryption in server-client communication.

 

Settings for one-time passwords

 

sett_web_2factor_otp

 

Text in form field. Label that is assigned to the form field in the login dialog where the one-time password must be entered.

Label of the token account. The description/name of the sent code in the authenticator app (e.g. Google Authenticator). This can be, for example, the name of the school or any character string that allows a unique assignment of the sent code.

Use 2-factor authentication on. Defines which users use 2-factor authentication:

accounts created. All accounts for which 2-factor authentication has been specifically enabled.

all accounts. All account use 2-factor authentication.

accounts of the profiles. All accounts listed under Profiles used for 2-factor authentication use 2-factor authentication.

 

Profiles used for 2-factor authentication. Lists profiles whose users use 2-factor authentication.

 

Use the buttons at the top of this list to edit the profiles used:

Add. Adds a profile. In the dialog User profile selection you select from available user profiles. For details on creating user profiles, see "Create User Profiles“.

Delete. Delete user profiles from the list.

 

For details on configuring 2-factor authentication, see "Settings in the Web Interface/2-Factor Authentication“.