MFA Configuration

To enable multi-factor authentication (MFA), you must set up certain configurations..

In systems that involve user authentication and data protection, encryption and salting mechanisms are critical to ensure that user authentication processes are both secure and trustworthy.

Secret: A secret key used for encryption.
Salt: A random value to enhance security.

These elements strengthen the MFA process to ensure a secure and reliable user authentication.

The following parameters are available for configuring MFA in Connectware.

Parameter

Description

CYBUS_MFA_ENABLED

Enables the MFA feature when set to true. Disables MFA when set to false.

CYBUS_MFA_ENCRYPTION_SECRET

The key used for MFA encryption.

CYBUS_MFA_ENCRYPTION_SALT

Additional random element used in the MFA encryption process.

CYBUS_MFA_MAX_INVALID_OTPS_PER_USER

Optional: Specifies the maximum number of incorrect OTPs a user can input during MFA login before their account is temporarily deactivated.

CYBUS_MFA_BAN_DURATION_MINUTES

Optional: Defines the duration (in minutes) of temporary account deactivation after multiple failed OTP attempts during MFA login.

Keep in mind that the combination of CYBUS_MFA_ENCRYPTION_SECRET and CYBUS_MFA_ENCRYPTION_SALT ensures the cryptographic robustness of 2FA tokens, making them both safe and distinct. If these values are compromised, it would expose the system to potential unauthorized access and breaches. By modifying these values, previously generated 2FA secrets became undecipherable. As a consequence, users with 2FA enabled would be unable to log in anymore.

Example configuration:

CYBUS_MFA_ENABLED=true
CYBUS_MFA_ENCRYPTION_SECRET=18473274-5073-11ee-be56-0242ac120002
CYBUS_MFA_ENCRYPTION_SALT=229c75c2-5073-11ee-be56-0242ac120002

Multi-Factor Authentication

PreviousLDAP Configuration NextAgents

Last updated 1 year ago

Was this helpful?

hashtagRelated Links

Related Links