Mandatory 2FA/OTP for login
-
Hello, I'm trying to figure out if it's possible to make 2FA (one-time password) mandatory for a subset of users in Xen Orchestra? Having the option is great, but some users just seem to "forget" to set it up, decreasing the security of the whole platform. Thanks!
-
So you want to force everyone to use it, right?
-
Subset <> Everyone
-
Why a subset then? Why not everyone?
-
Thank you for all the added features your team are really great!!!
It would be great if everyone can be enforced to use 2FA OTP setting for added security (subset is harder to code so not a high priority for but would be great.)
Extra Request:
Enable individuals to generate a new random or TYPE in their own OTP authentication value. Hopefully this is an easier feature to add, as it lets users keep a consistent OTP across certain XO platforms or other platforms by sharing the same OTP key/code. See image below which section I am referring to. (I know that on Debian/Linux, when you change the code in the ~/.google-authenticator file to a new code, it updates automatically and will work with the key without the user having to rescan it again.)
-
OpenID Connect support is coming tomorrow, so you can use Keycloak (for example) to force TOTP
edit: but indeed, we already had the idea to enable it for the user at first connection after forced, it's not ultra trivial but doable.
-
@olivierlambert said in Mandatory 2FA/OTP for login:
OpenID Connect
Great thanks! Can't wait for that extra feature integrated into XO. Especially if there is a short image tutorial on how to use it as well in the documentation
-
Exactly all of that in less than 24 hours
-
@wilsonqanda there you go, with a complete guide on how to configure it with Keycloak: https://xen-orchestra.com/blog/xen-orchestra-5-80/
-
@olivierlambert Thank you very much. Such a prompt response.