
TwoFactorAdminLogin/ja: Difference between revisions

From LimeSurvey Manual






Revision as of 01:39, 13 April 2024



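Introduction

Two-factor authentication (2FA) is a way to strengthen the security of your account. It is called "two-factor authentication" because two verification methods are used to access the account. The first "factor" is the usual password that is standard for any account. The second "factor" is a verification code obtained from a 2FA application on your computer or mobile device. For more information on 2FA and why it matters, see this article.

When it is enabled, you need to enter a 6-digit (default) code when you log in to LimeSurvey.



For details on this feature, read on below.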


How to install the 2FA plugin

LimeSurvey Cloud

If you use LimeSurvey Cloud (hosting provided by LimeSurvey GmbH), go to the Plugin Manager page and activate the plugin (see below for details).

LimeSurvey CE

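At present, this plugin is not a core component of LimeSurvey CE (Community Edition). To download it, access LimeStore and download the plugin from here.


You need a Premium account to download it.


Once downloaded, unzip it and move the folder into the plugin-related folder inside LimeSurvey.


For the differences between LimeSurvey Cloud and LimeSurvey CE, see this wiki section.

In LimeSurvey 3.x, the folder name inside the plugins folder must be TwoFactorAdminLogin.

Activating the 2FA plugin

To activate your 2FA plugin, access your LimeSurvey instance, and activate it from your Plugin Manager: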



To check the default settings, please click on "Configure".


Plugin settings

The configuration page contains the following settings:



  • Issuer: The text typed in this box will be displayed in the app as issuer name.
  • Digits: The number of digits in the generated codes. Please leave it at 6 for Google Authenticator.
  • TimePeriod: The number of seconds a code will be valid. If you use Google Authenticator, please leave it at 30.
  • Discrepancy: The amount of discrepancy (in seconds) allowed for the client after the TimePeriod expires.
  • Algorithm: The algorithm used to generate a hash:
    • SHA1 (Default)
    • SHA256
    • MD5
  • Force 2FA: If you enable it, all instance users have to create a 2FA token after they log in again into the LimeSurvey instance.

Don't forget to click on "Save" after updating your 2FA configuration.
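
How Digits, TimePeriod, Discrepancy, Algorithm and Issuer interact in a TOTP check, as an added example (RFC 6238 in Python, not the plugin's own code). The function names are hypothetical, the key is the RFC 6238 test key, and treating Discrepancy as clock tolerance in seconds on either side of the current time is an assumption. Only SHA1 and SHA256 are shown because RFC 6238 does not define MD5.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, urlencode

# Algorithms covered by this example (RFC 6238 defines no MD5 variant).
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256}

def totp(secret: bytes, at: float, digits=6, period=30, algorithm="SHA1") -> str:
    """Return the RFC 6238 code valid at Unix time `at`."""
    counter = struct.pack(">Q", int(at // period))        # time step as 8-byte counter
    mac = hmac.new(secret, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)        # keep leading zeros

def verify(secret, submitted, at, digits=6, period=30, discrepancy=0, algorithm="SHA1"):
    """Assumption: `discrepancy` is tolerated clock drift in seconds around `at`."""
    first = int((at - discrepancy) // period)
    last = int((at + discrepancy) // period)
    ok = False
    for step in range(first, last + 1):                   # every candidate step, no early exit
        expected = totp(secret, step * period, digits, period, algorithm)
        ok |= hmac.compare_digest(expected, submitted)    # constant-time comparison
    return ok

def provisioning_uri(secret, account, issuer, digits=6, period=30, algorithm="SHA1"):
    """otpauth:// URI of the kind authenticator apps read from a QR code."""
    params = urlencode({"secret": base64.b32encode(secret).decode().rstrip("="),
                        "issuer": issuer, "algorithm": algorithm,
                        "digits": digits, "period": period})
    return f"otpauth://totp/{quote(issuer)}:{quote(account)}?{params}"

SECRET = b"12345678901234567890"   # RFC 6238 test key (constructed input, not a real secret)

if __name__ == "__main__":
    code = totp(SECRET, 59)                               # issued in the step 30..59
    print(code)
    print(verify(SECRET, code, 61))                       # step has expired
    print(verify(SECRET, code, 61, discrepancy=5))        # within 5 s tolerance
    print(provisioning_uri(SECRET, "admin", "LimeSurvey"))
```

A larger Discrepancy widens the window in which a captured code can be replayed, so keep it as small as your users' clock drift allows.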

2-Factor-Settings

Once you have activated the plugin, a new menu item will be displayed on the top bar:



The dropdown menu includes the following two options:

  • 2FA-Setting: Users can enable and manage their 2FA settings.
  • 2FA-Administration: With the right permission, you can see whether the other instance users use 2FA or not.


2FA-Setting

If you haven't created any 2FA-token yet, the following page will be displayed:



If you decide to create a 2FA-token, click on "Register 2FA now". You will be prompted by the following message box:



To enable 2FA:

  1. Select the 2FA authentication method. By default, five different 2FA types are provided: Google Authenticator (default), Authy, YubiKey, Authenticator Plus, Duo, and HDE OTP.
  2. Scan the QR-code with your mobile phone. For a list of application recommendations, check this article.
  3. Enter the confirmation key displayed in your 2FA application.
From a technical perspective, you can use any 2FA application that supports TOTP (Time-based One-Time Password algorithm). For more information on what TOTP is, please check this article.

To confirm the creation of your 2FA-token, click on "Create 2FA binding".




Once done, the following two options will be displayed in your personal 2FA settings:



  • Unset 2FA: Confirm your action to delete the 2FA-token associated with your account.


Please note that you will need to re-authenticate if "Force 2FA" is enabled in the plugin settings.


  • Reset 2FA: If this option is selected, you will be asked to scan the new QR-code and enter the new confirmation key.


2FA-Administration

With the necessary permissions, you can access the 2FA user management panel, where you can check how many users have activated 2FA.



  • Action: A red trash button is displayed in this column next to the users that have enabled 2FA. If someone asks to have their 2FA-token reset because they can no longer log in to your instance, you can delete the 2FA-token associated with their account from here.
  • Username: All the instance users are listed under this column.
  • Full name: The full name typed in by your users is displayed in this field.
  • Email: The email address corresponding to your users.
  • 2FA-Method: The 2FA-method chosen by each user.
  • 2FA enabled: If "1", it means that 2FA is enabled for the respective user.

FAQs

I am a super administrator and locked myself out. How can I delete my 2FA-token?

You will need to access your database and truncate the 2FA-related column.


How can I enforce 2FA to all my users?

Enable "Force 2FA" from the plugin configuration menu.


From where can I download the plugin?

Please access LimeStore and download the plugin from here. To be able to download it, you need to hold a Premium package.


I use LimeSurvey Cloud. Do I have to purchase the plugin?

No. The plugin is already part of the core LimeSurvey plugins - you can enable it by accessing the plugin menu.