TwoFactorAdminLogin: Difference between revisions
From LimeSurvey Manual
mNo edit summary |
mNo edit summary |
||
| Line 44: | Line 44: | ||
= | =2-Factor-Settings= | ||
*[[TwoFactorAdminLogin#2FA-Setting|2FA-Setting: Users can enable and manage their 2FA settings. | |||
*[[TwoFactorAdminLogin#2FA-Administration|2FA-Administration]]: With the right permission, you can visualize whether the other instance users use 2FA or not. | |||
==2FA-Setting== | |||
If you haven't created any 2FA-token yet, the following page will be displayed: | |||
<center>Screenshot</center> | <center>Screenshot</center> | ||
If you decide to create a 2FA-token, click on "Register 2FA now". You will be prompted by the following message box: | |||
<center>Screenshot</center> | |||
To enable 2FA: | |||
#Select the 2FA authentication method. By default, five different 2FA types are provided: Google Authenticator (default), Authy, YubiKey, Authenticator Plus, Duo, and HDE OTP. | |||
#Scan the QR-code with your mobile phone. For a list of application recommendations, check this article. | |||
#Enter the confirmation key displayed in your 2FA application. | |||
{{Note|From a technical perspective, you can use any 2FA application that supports TOTP. For more information on what TOTP is, please check this article.}} | |||
To confirm the creation of your 2FA-token, click on "Create 2FA binding". | |||
LINE | |||
Once done, the following two options will be displayed in your personal 2FA settings: | |||
* '''Unset 2FA:''' Confirm your action to delete the 2FA-token associated to your account. | * '''Unset 2FA:''' Confirm your action to delete the 2FA-token associated to your account. | ||
{{Note|Please note that you will need to re-authenticate again if "Force 2FA" is enabled from the plugin settings.}} | {{Note|Please note that you will need to re-authenticate again if "Force 2FA" is enabled from the plugin settings.}} | ||
* '''Reset 2FA:''' If this option is selected, you will be asked to scan the new QR-code and introduce the new confirmationKey. | * '''Reset 2FA:''' If this option is selected, you will be asked to scan the new QR-code and introduce the new confirmationKey. | ||
| Line 64: | Line 94: | ||
==2FA - | ==2FA-Administration== | ||
Intro | Intro | ||
Revision as of 12:51, 9 April 2019
Under Construction
Introduction
2-Factor-Authentication (2FA) is a way to add additional security to your account. It is called "two-factor-authentication" because two verification methods are used to access your account. The first "factor" is your usual password that is standard for any account. The second "factor" is a verification code retrieved from a 2FA application either from your computer or mobile device. For more details about 2FA and its importance, please visit the following article.
Activate the 2FA plugin
To activate your 2FA plugin, access your LimeSurvey instance, and activate it from your Plugin Manager:
To check the default settings, please click on "Configure".
Plugin settings
The configuration page contains the following settings:
- Issuer: The text typed in this box will be displayed in the app as issuer name.
- Digits: The number of digits the resulting codes will be. Please leave it at 6 for Google Authenticator.
- TimePeriod: The number of seconds a code will be valid. If you use Google Authenticator, please leave it to 30.
- Discrepancy: The amount of discrepancy is allowed for the client after the TimePeriod expires (seconds)
- Algorithm: The algorithm used to generate a hash:
- SHA1 (Default)
- SHA256
- MD5
- Force 2FA: If you enable it, all instance users have to create a 2FA token after they log in again into the LimeSurvey instance.
Don't forget to click on "Save" after updating your 2FA configuration.
2-Factor-Settings
- [[TwoFactorAdminLogin#2FA-Setting|2FA-Setting: Users can enable and manage their 2FA settings.
- 2FA-Administration: With the right permission, you can visualize whether the other instance users use 2FA or not.
2FA-Setting
If you haven't created any 2FA-token yet, the following page will be displayed:
If you decide to create a 2FA-token, click on "Register 2FA now". You will be prompted by the following message box:
To enable 2FA:
- Select the 2FA authentication method. By default, five different 2FA types are provided: Google Authenticator (default), Authy, YubiKey, Authenticator Plus, Duo, and HDE OTP.
- Scan the QR-code with your mobile phone. For a list of application recommendations, check this article.
- Enter the confirmation key displayed in your 2FA application.
From a technical perspective, you can use any 2FA application that supports TOTP. For more information on what TOTP is, please check this article.To confirm the creation of your 2FA-token, click on "Create 2FA binding".
LINE
Once done, the following two options will be displayed in your personal 2FA settings:
- Unset 2FA: Confirm your action to delete the 2FA-token associated to your account.
Please note that you will need to re-authenticate again if "Force 2FA" is enabled from the plugin settings.
- Reset 2FA: If this option is selected, you will be asked to scan the new QR-code and introduce the new confirmationKey.
If you are superadmin explanation
2FA-Administration
Intro
Condition
- Action: A red trash button is displayed in this column next to the users that have enabled 2FA. If someone asks to get his 2FA reset because he/she cannot log in anymore into your instance, you can delete the 2FA-token associated with his/her account from here.
- Username: All the instance users are listed under this column.
- Full name:The full name typed in here by your users is displayed in this field.
- Email: The email address corresponding to your users.
- 2FA-Method: The 2FA-method chosen by each user.
- 2FA enabled: If "1", it means that 2FA is enabled for the respective user.