How to set up a 2-Factor Authentication with Google Authenticator as a TOTP (Time-based OTP)?
1. Generate a new OTP token in the admin console:
From an admin account, open the OTP Generator
Add a new OTP token and choose “OTP – Google Authenticator”
Here’s an example of a token configuration:
The Expiration Time should remain 30 seconds for a Google Authenticator configuration.
If the token’s Expiration Time is changed and the OTP generator is not configured for the same duration, an error will occur when attempting to authenticate.
This duration doesn’t set the time during which a user should type in the one-time password.
The number of digits also depends on the OTP generator. For a Google Authenticator token, it should be set to 6.
The user attribute can be any attribute. However, it is preferable to use a “private attribute”.
The TOTP is compatible with local domains (except the default local domain) and LDAP domains.
In this example, the secret key will be stored in a user attribute named “secretKey” for a cyberelements local domain.
It is also possible to store the secret key in an LDAP user attribute of your choice. In this case, you will need to fill in the exact AD attribute name.
The generated key can be sent to the user automatically by e-mail by filling in the section shown below.
2. In the cyberelements local domain, configure a secret key for the user attribute configured above
Open your cyberelements domain; in this example it is “Local”.
Associate the previously created token with this domain.
If you are using an LDAP domain, specify the name of the LDAP attribute in which the secret key will be stored. If the cyberelements local domain is used, leave this section empty.
The secret key setup
The key is based on the RFC 3548 base32 standard.
Therefore:
The key must contain only uppercase letters.
The key must have 16 characters.
The characters must belong to the RFC 3548 base32 alphabet (letters A to Z and digits 2 to 7).
Example: ABCDEFGH12345678
For an LDAP domain:
The secret key needs to be stored in the user LDAP attribute of your choice.
For a cyberelements local domain:
Open the concerned user.
Add a new “Label” named after the user attribute configured in step 1, with the secret key as its value.
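To check a candidate secret key against the format rules above, and to see how the token parameters from step 1 (30-second Expiration Time, 6 digits) are used to compute the code Google Authenticator displays, here is an added Python example that is not part of the cyberelements product or this article. The TOTP part follows RFC 6238 with HMAC-SHA1, which is what Google Authenticator uses; the test vectors are the RFC's own, and the key rejected below is the article's sample value.

```python
import base64
import hashlib
import hmac
import struct
import time

# Token settings from the article: the "Expiration Time" is the TOTP time step
# and must match what the authenticator app uses; Google Authenticator expects 30 s / 6 digits.
STEP_SECONDS = 30
DIGITS = 6
BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # RFC 3548 / RFC 4648


def validate_secret_key(key: str) -> list:
    """Return a list of problems with a candidate secret key (empty list = key is acceptable)."""
    problems = []
    if len(key) != 16:
        problems.append(f"length is {len(key)}, expected 16")
    bad = sorted({c for c in key if c not in BASE32_ALPHABET})
    if bad:
        problems.append("characters outside A-Z/2-7: " + "".join(bad))
    return problems


def totp(secret_b32: str, unix_time=None, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded secret, as Google Authenticator computes it."""
    if unix_time is None:
        unix_time = int(time.time())
    key = base64.b32decode(secret_b32.upper())      # 16 base32 chars -> 10 raw key bytes
    counter = unix_time // step                     # both sides must agree on the step length
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


if __name__ == "__main__":
    # The article's sample key contains '1' and '8', which are not base32 characters.
    print("ABCDEFGH12345678 ->", validate_secret_key("ABCDEFGH12345678"))
    # Constructed, valid 16-character key for demonstration only.
    demo_key = "ABCDEFGHIJKLMNOP"
    print(demo_key, "->", validate_secret_key(demo_key) or "OK")
    print("current code:", totp(demo_key))
```

If a user's codes are consistently rejected, compare the token's Expiration Time with the 30-second step and check the server clock, since both sides derive the counter from the current time.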
The 2-Factor Authentication is now ready to be used by a user account.
Multi-factor authentication is an easy-to-configure feature in cyberelements. It is an important element in establishing a Zero Trust security policy.