Hello, is there a way to setup a MFA for login page on the management portal for UCS 4.4? Privacyidea SAML app is missing open button after install, and I can not access settings for app using domain/privacydea url. Any other solution? I do not feel comfortable having only user/pass on login page.
You should be able to add the Google Authenticator plugin to the Apache config and use location directives to enforce MFA on the directory.
Alternatively is may be faster and easier to add a client certificate requirement to the directory in the vhost.
In the Exchange ActiveSync (EAS) universe, administrators often refer to this as setting up “Certificate Based Authentication” (CBA) …
I just updated my post asking about requiring client certificates for mail clients. It has most of the details you’ll need.
I looked at using MFA on the mail and ActiveSync URLs. The problem with hitting the EAS URL is every time a mail client gets disconnected the user will be re-prompted for their password. Which is actually password+MFA much like sites like Etrade. Terrible user experience for sure.
So I’ve thrown client certificates at the problem in my environment instead
Anyway, good luck