Abiquo 4.5

Skip to end of metadata
Go to start of metadata

Abiquo supports two-factor authentication for the user interface to improve login security. 

  1. The Systems Administrator configures two-factor authentication for the platform following the steps below
  2. Then the Cloud Administrator can configure the Abiquo tenants to force users to work with two-factor authentication
  3. If two-factor authentication is available on the platform but not required for a user's tenant, the user can still choose to enable two-factor authentication

For a description of the user functionality, see Configure your user account

When you enable the Abiquo OpenID Connect integration, Abiquo disables two-factor integration.

Configure authentication system

System time

The codes generated for two-factor integration are dependent on the system time. Check server date and time synchronization when configuring two factor authentication, and as part of the user issue troubleshooting process.

Ensure correct multi-datacenter configuration

In a multi-datacenter environment where template upload and download are required, to enable two-factor authentication, the administrator must configure the Appliance Manager as described in:
Uploading and dowloading templates in multi datacenter

Configure authentication for integrations

On an enterprise level, if two-factor authentication is enabled for an enterprise, the administrator must migrate automation and integrations to OAuth. See Authentication#OAuthv1.0VersionAAuthentication

For information about implementing two-factor authentication for a portal, see Authentication

Configure events

For Abiquo events and event streaming, if the enterprise that the M-user belongs to is required to use two-factor authentication, the administrator will also need to configure the M-user to use OAuth. See Authentication#OAuthv1.0VersionAAuthentication.  Enter the OAuth credentials in the Abiquo properties file. See Abiquo Configuration Properties#m

Configure Google Authenticator properties

For Google Authenticator, the administrator can set the name of the issuer of the two-factor authentication codes in the Abiquo properties file. See Abiquo Configuration Properties#2fa 

Configure email authentication properties

You can set the length of time the email codes will be valid for in Abiquo properties. See Abiquo Configuration Properties#2fa

For email authentication, the administrator can edit the email message. See Configure Email Templates

Manage two-factor authentication in the Abiquo UI

The Cloud Administrator can enable two-factor authentication in the Configuration view or using the API.

When an administrator creates or edits an enterprise, they can mark a checkbox to require two-factor authentication of all users in the enterprise.

In the API, this is done by setting the enterprise attribute of twoFactorAuthenticationMandatory to true.

If two-factor authentication is not required, the user can still enable it from the username menu by clicking on the icon or username in the top right-hand corner of the screen and selecting two-factor authentication. Note that you can enable or disable 2fa for your own user only.

Using the API, you enable or disable 2fa by posting the authentication method to the action link of the user.

For information about how users will work with two-factor authentication, see Configure your user account