I’ve been working UCS trying to lock down my web URLs using an MFA solution like Google Authenticator.
https://code.google.com/archive/p/google-authenticator-apache-module/wikis/GoogleAuthenticatorApacheModule.wiki
Does anyone have some config examples and details that they could share? I want to restrict user logins at these directories to require an MFA:
/webapp
/univention/management
I was getting a lot of brute force attempts on my z-push and webapp so I enabled client-side certificate requirements. This stops the attacks at the reverse-proxy but the need for certificates on the webmail portion pretty much defeats the purpose of having webmail
I want to move towards an authenticator app instead.
I want to also require MFA on my “ucs-sso” URLs. This should enable MFA for services that use SAML like meets
https://ucs-sso.somedomain.com/simplesamlphp/module.php/core/loginuserpass.php
I’ve found solutions like this:
The ways to go about implementing it are a bit unclear.
Looking for some details docs and hopefully some lessons learned from someone who has done it.