NuxRo commented on code in PR #293: URL: https://github.com/apache/cloudstack-documentation/pull/293#discussion_r1092959218
########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs Review Comment: ```suggestion CloudStack supports two factor authentication, wherein users need ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently Review Comment: ```suggestion to provide a 2FA code after the regular login using username and password. CloudStack currently ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports Review Comment: ```suggestion In the 2FA setup form, the user needs to select one of the providers. CloudStack currently supports ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. Review Comment: ```suggestion Google Authenticator or other TOTP authenticators and static PIN as the 2FA providers. ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using Review Comment: ```suggestion Once the account is setup in the authenticator application, the user must verify 2FA with Cloudstack using ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the +authenticator application during login into CloudStack. + +.. image:: /_static/images/configure-google-2fa-form.png + :width: 400px + :align: center + :alt: Configure google 2FA form + +When the staticpin 2FA provider is selected, user must use the static pin as the 2FA code to verify 2FA +with CloudStack. Every time user has to use this static pin as 2FA code during login into CloudStack. Review Comment: ```suggestion with CloudStack. The user must input this static PIN as a 2FA code every time they need to login. ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the +authenticator application during login into CloudStack. + +.. image:: /_static/images/configure-google-2fa-form.png + :width: 400px + :align: center + :alt: Configure google 2FA form + +When the staticpin 2FA provider is selected, user must use the static pin as the 2FA code to verify 2FA +with CloudStack. Every time user has to use this static pin as 2FA code during login into CloudStack. + +.. image:: /_static/images/configure-staticpin-2fa-form.png + :width: 400px + :align: center + :alt: Configure staticpin 2FA form + +.. Note:: While user configures 2FA, verification of the 2FA code is must to complete the process. + +Admin has the capability to mandate 2FA for users. +When a new user is created ``mandate.user.two.factor.authentication`` setting will be used to enable +2FA for the user. In that case user must configure 2FA during the first login into CloudStack. Review Comment: ```suggestion 2FA for the user. In that case the user must configure 2FA during their first login into CloudStack. ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. Review Comment: ```suggestion supports Google Authenticator or other TOTP authenticators and static PIN as the 2FA providers. ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure Review Comment: ```suggestion For admins, the following are the settings available at global and domain level to configure ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator Review Comment: ```suggestion When the Google Authenticator or Other TOTP 2FA provider is selected, the user must setup the account in the respective ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the Review Comment: ```suggestion the 2FA code in the authenticator application. Every time the user has to use the same account in the ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the +authenticator application during login into CloudStack. + +.. image:: /_static/images/configure-google-2fa-form.png + :width: 400px + :align: center + :alt: Configure google 2FA form + +When the staticpin 2FA provider is selected, user must use the static pin as the 2FA code to verify 2FA +with CloudStack. Every time user has to use this static pin as 2FA code during login into CloudStack. + +.. image:: /_static/images/configure-staticpin-2fa-form.png + :width: 400px + :align: center + :alt: Configure staticpin 2FA form + +.. Note:: While user configures 2FA, verification of the 2FA code is must to complete the process. + +Admin has the capability to mandate 2FA for users. +When a new user is created ``mandate.user.two.factor.authentication`` setting will be used to enable Review Comment: ```suggestion The setting ``mandate.user.2fa`` is used to enable ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the +authenticator application during login into CloudStack. + +.. image:: /_static/images/configure-google-2fa-form.png + :width: 400px + :align: center + :alt: Configure google 2FA form + +When the staticpin 2FA provider is selected, user must use the static pin as the 2FA code to verify 2FA Review Comment: ```suggestion When the static PIN 2FA provider is selected, the user must use the static PIN as the code to verify 2FA ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the +authenticator application during login into CloudStack. + +.. image:: /_static/images/configure-google-2fa-form.png + :width: 400px + :align: center + :alt: Configure google 2FA form + +When the staticpin 2FA provider is selected, user must use the static pin as the 2FA code to verify 2FA +with CloudStack. Every time user has to use this static pin as 2FA code during login into CloudStack. + +.. image:: /_static/images/configure-staticpin-2fa-form.png + :width: 400px + :align: center + :alt: Configure staticpin 2FA form + +.. Note:: While user configures 2FA, verification of the 2FA code is must to complete the process. + +Admin has the capability to mandate 2FA for users. Review Comment: ```suggestion The admin has the capability to mandate 2FA for users. ``` ########## source/adminguide/accounts.rst: ########## @@ -627,3 +627,80 @@ The following global configuration should be configured: - ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300. Default is 1800 +Using Two Factor Authentication For Users +------------------------------------------ + +CloudStack supports two factor authentication 2FA for the users, wherein users needs +to provide a 2FA code after the login using username and password. CloudStack currently +supports google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. +Other 2FA providers can be easily integrated with CloudStack using its plugin model. + +For admins, following are the settings available at global and domain level to configure +2FA. + +.. cssclass:: table-striped table-bordered table-hover + +================================================ ================ =================================================================== +Global setting Default values Description +================================================ ================ =================================================================== +enable.user.2fa false Determines whether 2FA is enabled or not +mandate.user.2fa false Determines whether to make the 2FA mandatory or not for the users +user.2fa.default.provider totp The default user 2FA provider plugin. Eg. google, staticpin +================================================ ================ =================================================================== + +If 2FA is configured for the user, the 2FA verification page looks like below after the login. + +.. image:: /_static/images/verify-2fa.png + :width: 400px + :align: center + :alt: Verify 2FA page + +Users can configure 2FA in CloudStack using the action button in user form. + +.. image:: /_static/images/configure-2fa-action-button.png + :width: 400px + :align: center + :alt: Configure 2FA action button + +In the 2FA setup form, user needs to select one of the providers. CloudStack currently supports +google authenticator along with other TOTP authenticators and staticpin as the 2FA providers. + +When the google or other TOTP 2FA provider is selected, user must setup the account in google or other TOTP authenticator +application in their device by either scanning the QR code or using the setup key provided by CloudStack. +Once the account is setup in the authenticator application, user must verify 2FA with Cloudstack using +the 2FA code in the authenticator application. Every time user has to use the same account in the +authenticator application during login into CloudStack. + +.. image:: /_static/images/configure-google-2fa-form.png + :width: 400px + :align: center + :alt: Configure google 2FA form + +When the staticpin 2FA provider is selected, user must use the static pin as the 2FA code to verify 2FA +with CloudStack. Every time user has to use this static pin as 2FA code during login into CloudStack. + +.. image:: /_static/images/configure-staticpin-2fa-form.png + :width: 400px + :align: center + :alt: Configure staticpin 2FA form + +.. Note:: While user configures 2FA, verification of the 2FA code is must to complete the process. + +Admin has the capability to mandate 2FA for users. +When a new user is created ``mandate.user.two.factor.authentication`` setting will be used to enable +2FA for the user. In that case user must configure 2FA during the first login into CloudStack. +User's first login page to configure 2FA looks like below, Review Comment: ```suggestion The user's first login page to configure 2FA looks like the below, ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
