NuxRo commented on code in PR #293:
URL:
https://github.com/apache/cloudstack-documentation/pull/293#discussion_r1093013359
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
Review Comment:
```suggestion
by CloudStack. Once this is set up in the authenticator application, the
user must always use the provided 2FA codes to log in.
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
Review Comment:
```suggestion
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
+
+When the static PIN 2FA provider is selected, the user must use the static PIN
as the code to verify 2FA
+with CloudStack. The user must input this static PIN as a 2FA code every time
they need to login.
+
+.. image:: /_static/images/configure-staticpin-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure staticpin 2FA form
+
+.. Note:: While user configures 2FA, verification of the 2FA code is must to
complete the process.
+
+The admin has the capability to mandate 2FA for users. The setting
``mandate.user.2fa``
Review Comment:
```suggestion
The admin has the capability to mandate 2FA for users via the setting
``mandate.user.2fa``.
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
+
+When the static PIN 2FA provider is selected, the user must use the static PIN
as the code to verify 2FA
+with CloudStack. The user must input this static PIN as a 2FA code every time
they need to login.
+
+.. image:: /_static/images/configure-staticpin-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure staticpin 2FA form
Review Comment:
```suggestion
:alt: Configure static PIN 2FA form
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
+
+When the static PIN 2FA provider is selected, the user must use the static PIN
as the code to verify 2FA
+with CloudStack. The user must input this static PIN as a 2FA code every time
they need to login.
+
+.. image:: /_static/images/configure-staticpin-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure staticpin 2FA form
+
+.. Note:: While user configures 2FA, verification of the 2FA code is must to
complete the process.
+
+The admin has the capability to mandate 2FA for users. The setting
``mandate.user.2fa``
+is used to enable 2FA for the user. In that case the user must configure 2FA
during their
+first login into CloudStack.
+
+The user's first login page to configure 2FA looks like the below,
+
+.. image:: /_static/images/configure-2fa-at-login-page.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA at login page
+
+For the existing users, admin can mandate 2FA using the 'updateUser' API with
the parameter 'mandate2FA'.
Review Comment:
```suggestion
For the existing users, the admin can mandate 2FA using the 'updateUser' API
with the parameter 'mandate2FA'.
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
+
+When the static PIN 2FA provider is selected, the user must use the static PIN
as the code to verify 2FA
+with CloudStack. The user must input this static PIN as a 2FA code every time
they need to login.
+
+.. image:: /_static/images/configure-staticpin-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure staticpin 2FA form
+
+.. Note:: While user configures 2FA, verification of the 2FA code is must to
complete the process.
+
+The admin has the capability to mandate 2FA for users. The setting
``mandate.user.2fa``
+is used to enable 2FA for the user. In that case the user must configure 2FA
during their
+first login into CloudStack.
+
+The user's first login page to configure 2FA looks like the below,
+
+.. image:: /_static/images/configure-2fa-at-login-page.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA at login page
+
+For the existing users, admin can mandate 2FA using the 'updateUser' API with
the parameter 'mandate2FA'.
+
+Admin can also disable 2FA for users using the action button as shown below,
Review Comment:
```suggestion
The admin can also disable 2FA for a user using the action button as shown
below.
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
Review Comment:
```suggestion
:alt: Configure Google 2FA form
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
+
+When the static PIN 2FA provider is selected, the user must use the static PIN
as the code to verify 2FA
+with CloudStack. The user must input this static PIN as a 2FA code every time
they need to login.
+
+.. image:: /_static/images/configure-staticpin-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure staticpin 2FA form
+
+.. Note:: While user configures 2FA, verification of the 2FA code is must to
complete the process.
+
+The admin has the capability to mandate 2FA for users. The setting
``mandate.user.2fa``
+is used to enable 2FA for the user. In that case the user must configure 2FA
during their
Review Comment:
```suggestion
In this case the user must configure 2FA during their
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
Review Comment:
```suggestion
```
##########
source/adminguide/accounts.rst:
##########
@@ -627,3 +627,80 @@ The following global configuration should be configured:
- ``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, minimum
value is set to 300. Default is 1800
+Using Two Factor Authentication For Users
+------------------------------------------
+
+CloudStack supports two factor authentication wherein users need to provide a
2FA code after the
+regular login using username and password. CloudStack currently supports
Google Authenticator or
+other TOTP authenticators and static PIN as the 2FA providers. Other 2FA
providers can be easily
+integrated with CloudStack using its plugin model.
+
+For admins, the following are the settings available at global and domain
level to configure 2FA.
+
+.. cssclass:: table-striped table-bordered table-hover
+
+================================================ ================
===================================================================
+Global setting Default values
Description
+================================================ ================
===================================================================
+enable.user.2fa false
Determines whether 2FA is enabled or not
+mandate.user.2fa false
Determines whether to make the 2FA mandatory or not for the users
+user.2fa.default.provider totp The
default user 2FA provider plugin. Eg. google, staticpin
+================================================ ================
===================================================================
+
+If 2FA is configured for the user, the 2FA verification page looks like below
after the login.
+
+.. image:: /_static/images/verify-2fa.png
+ :width: 400px
+ :align: center
+ :alt: Verify 2FA page
+
+Users can configure 2FA in CloudStack using the action button in user form.
+
+.. image:: /_static/images/configure-2fa-action-button.png
+ :width: 400px
+ :align: center
+ :alt: Configure 2FA action button
+
+In the 2FA setup form, the user needs to select one of the providers.
CloudStack currently supports
+Google Authenticator or other TOTP Authenticators and static PIN as the 2FA
providers.
+
+When the Google Authenticator or other TOTP 2FA provider is selected, the user
must setup the account in
+the respective application in their device by either scanning the QR code or
using the setup key provided
+by CloudStack. Once the account is setup in the authenticator application, the
user must verify 2FA with
+Cloudstack using the 2FA code in the authenticator application. Every time the
user has to use the same
+account in the authenticator application during login into CloudStack.
+
+.. image:: /_static/images/configure-google-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure google 2FA form
+
+When the static PIN 2FA provider is selected, the user must use the static PIN
as the code to verify 2FA
+with CloudStack. The user must input this static PIN as a 2FA code every time
they need to login.
+
+.. image:: /_static/images/configure-staticpin-2fa-form.png
+ :width: 400px
+ :align: center
+ :alt: Configure staticpin 2FA form
+
+.. Note:: While user configures 2FA, verification of the 2FA code is must to
complete the process.
Review Comment:
```suggestion
.. Note:: While the user configures 2FA, verification of the 2FA code is a
must to complete the process.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
