CargoServer supports the implementation of widely used 2FA authenticator applications (such as Google Authenticator or Microsoft Authenticator) on smartphones and allows each user to enrol this himself for his account.
2FA Prompt upon Sign-In #
If 2FA is enrolled for a user, the sign in process is enhanced with a second step after checking username/email and the password - the current 2FA code check:
2FA System Configuration #
If you would like to enable and/or enforce the usage of 2FA for authentication on the CargoServer, you can use the system settings to configure it in the tab “Users”.
This allows you tou
- Enable 2FA - this allows each user to configure 2FA in the profile settings
- Enforce 2FA - this enforces the usage of 2FA for each user and will prompt for the setup upon the next login
- 2FA grace period - this configures a grace time before 2FA setup is mandatory for users
Please note that SFTP connections can not be authenticated via 2FA currently.
Enforced 2FA setup #
Once the usage of 2FA is enforced on the system, each user which has not setup the 2FA configuration yet will be prompted with information screen upon the next sign in:
Once the setup is started, the user will get details of how the setup will be done with an application on his smartphone and initial generation and validation of the codes.
Example QR code to scan for configuration of the authenticator app.