Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Documentation

Skip to end of metadata
Go to start of metadata

Introduction

Abiquo 3.6.2 introduces two-factor authentication as an additional authentication option to improve the security of user login. This feature can be enabled for the platform and then required at enterprise level. If enabled but not required for their enterprise, users can still enable it. Under this feature the user supplies the application password and a second temporary password from an external authentication provider. The authentication methods supported are email and Google Authenticator.

Administer two-factor authentication

This section describes how to configure your cloud platform to use two-factor authentication.

Configure events, properties and emails

For Abiquo events and event streaming, if the enterprise that the M-user belongs to is required to use two-factor authentication, the administrator will also need to configure the M-user to use OAuth. See Authentication#OAuthv1.0VersionAAuthentication.  Enter the OAuth credentials in the Abiquo properties file. See Abiquo Configuration Properties#m

Configure Google Authenticator

For Google Authenticator, the administrator can set the name of the issuer of the two-factor authentication codes in the Abiquo properties file. See Abiquo Configuration Properties#2fa  

Configure email authentication

You can set the length of time the email codes will be valid for in Abiquo properties. See Abiquo Configuration Properties#2fa

For email authentication, the administrator can edit the email message. See Configure Email Templates

Check system time

The codes generated for two-factor integration are dependent on the system time. Check server date and time synchronization when configuring two factor authentication, and as part of the user issue troubleshooting process.

Configure authentication for integrations

On an enterprise level, if two-factor authentication is enabled for an enterprise, the administrator must migrate automation and integrations to OAuth. See Authentication#OAuthv1.0VersionAAuthentication

For information about implementing two-factor authentication for a portal, see    Authentication  

Manage two-factor authentication in the Abiquo UI


The platform administrator can enable two-factor authentication in the Configuration view or using the API.


When an administrator creates or edits an enterprise, they can mark a checkbox to require two-factor authentication of all users in the enterprise.

In the API, this is done by setting the enterprise attribute of twoFactorAuthenticationMandatory to true.


If two-factor authentication is not required, the user can still enable it from the username menu by clicking on the icon or username in the top right-hand corner of the screen and selecting two-factor authentication. Note that you can enable or disable 2fa for your own user only.

Using the API, you enable or disable 2fa by posting the authentication method to the action link of the user.

Use two-factor authentication

To use Google Authenticator, you will first need to install the Google Authenticator app on your mobile phone.

From the configuration dialog or the login dialog, you can select the authentication method and enable two-factor authentication for your account.

Backup codes

For all authentication methods, backup codes will be displayed once and you should copy them and keep them in a secure place.  If you get locked out of your account, you can supply the backup codes instead of the authenticator or email code to log in once and reset your authentication.

Screenshot showing once-only backup verification codes marked in red.

For Google Authenticator, use the app on your mobile phone to scan the QR code (or enter the URL) to obtain your verification code in the App. The App will now generate authentication codes for your user.

For email, every time you enter your user name and password to log in, a code will be sent to the email address registered in your Abiquo user account.

During login, Abiquo will ask for the authentication code from the app or your email. Enter the code in the field below the password.


After you log in, you can manage two-factor authentication from the username menu by clicking on the name or icon in the top right-hand corner of the screen, then selecting Two-factor authentication. Abiquo will display the configuration dialog but if two-factor authentication is required for your enterprise, you will effectively only be able to change the authentication method.