UCS 4.4 - MFA setup for management portal login

Hello, is there a way to set up MFA for the login page on the management portal for UCS 4.4? The privacyIDEA SAML app is missing the open button after install, and I cannot access the settings for the app using the domain/privacydea URL. Any other solution? I do not feel comfortable having only user/pass on the login page.

You should be able to add the Google Authenticator plugin to the Apache config and use location directives to enforce MFA on the directory.

https://code.google.com/archive/p/google-authenticator-apache-module/wikis/GoogleAuthenticatorApacheModule.wiki

Alternatively, it may be faster and easier to add a client certificate requirement to the directory in the vhost.

In the Exchange ActiveSync (EAS) universe, administrators often refer to this as setting up “Certificate Based Authentication” (CBA) …

I just updated my post asking about requiring client certificates for mail clients. It has most of the details you’ll need.

I looked at using MFA on the mail and ActiveSync URLs. The problem with hitting the EAS URL is every time a mail client gets disconnected the user will be re-prompted for their password. Which is actually password+MFA much like sites like Etrade. Terrible user experience for sure.

So I’ve thrown client certificates at the problem in my environment instead.

Anyway, good luck
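
A sketch of the client certificate requirement suggested above, as an added example that is not from any poster in this thread or from the UCS project. The server name, certificate and CRL file paths, and the `/univention/` location are assumptions to adapt; the directives are standard Apache 2.4 mod_ssl.

```apache
# Added example. All paths, the ServerName and the protected Location are
# assumptions; adjust them to the vhost that serves the management portal.
<VirtualHost *:443>
    ServerName ucs.example.test

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # Trust only the private CA that issues your client certificates.
    # Do not point this at a public CA bundle, or any certificate issued
    # by those CAs would pass verification.
    SSLCACertificateFile /etc/apache2/ssl/client-ca.crt
    SSLVerifyDepth 1

    # Check revocation so a lost or stolen device certificate can be disabled.
    SSLCARevocationFile  /etc/apache2/ssl/client-ca.crl
    SSLCARevocationCheck leaf

    # Request the certificate during the initial handshake, vhost-wide, but
    # do not fail the handshake when none is sent. Setting
    # "SSLVerifyClient require" inside a <Location> instead forces a
    # renegotiation (TLS 1.2) or post-handshake authentication (TLS 1.3),
    # which several browsers do not support.
    SSLVerifyClient optional

    <Location "/univention/">
        # Deny any request that did not present a certificate verified
        # against SSLCACertificateFile.
        Require ssl-verify-client
    </Location>
</VirtualHost>
```

After a reload, a request to the protected location without a certificate should return 403, and one with a certificate from the configured CA should reach the normal user/password login.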