This shows you the differences between two versions of the page.
manuals:vps:users [2017/02/12 14:13] – created Aither | manuals:vps:users [2025/02/23 16:40] (current) – hw passkeys first, more sw examples aither | ||
---|---|---|---|
Line 31: | Line 31: | ||
{{navody: | {{navody: | ||
- | ===== Authentication tokens | + | ===== Two-factor authentication (2FA) ===== |
- | Users can authenticate in vpsAdmin using HTTP basic or authentication tokens. | + | Two-factor authentication for vpsAdmin using |
- | The latter | + | [[wp> |
- | Authentication tokens). | + | can be optionally enabled. You then need both the password |
+ | additional authentication devices. It is possible to combine TOTP and passkeys, | ||
+ | using one of the configured authentication devices is sufficient to log in. | ||
- | {{navody:vps:user_mail_templates.png?300|}} | + | When enabled, the two-factor authentication is mandatory for access to |
+ | your account: in the web interface, using [[manuals:vps:api|API]] and | ||
+ | [[manuals: | ||
+ | [[manuals: | ||
+ | will cease to work. | ||
- | You can see a list of active | + | 2FA can be enabled in profile settings (vpsAdmin -> Edit profile). Note that 2FA is active |
- | created them. This list is useful | + | only when there' |
- | various client applications. | + | |
- | The web UI itself uses authentication tokens. You can create tokens | + | {{: |
- | or any client library | + | |
+ | ==== TOTP ==== | ||
+ | |||
+ | You can setup TOTP e.g. on your mobile phone using applications like | ||
+ | [[https:// | ||
+ | or [[https:// | ||
+ | vpsAdmin will show you a QR code which you scan into the application. The 2FA | ||
+ | activation is then confirmed when you enter the one-time password that the | ||
+ | application will show you. Alternatively, | ||
+ | you can enter the secret key manually. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Once activated, you will be given a recovery code. This code can be used when | ||
+ | you lose access to your authentication device. Do not save this code together | ||
+ | with your vpsAdmin password. If you lose both the authentication device | ||
+ | the recovery code, you will have to contact our support to recover your account. | ||
+ | |||
+ | You can configure multiple TOTP devices and any one of them can be used to log in. | ||
+ | Individual devices can be temporarily disabled or removed | ||
+ | (vpsAdmin -> Edit profile -> TOTP devices). | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ==== Passkeys ==== | ||
+ | You can use hardware security tokens (YubiKey, GoTrust IdemKey, etc.) or software keychains such as KeePassXC, KeePassium, iCloud Keychain, Google Password Manager, Microsoft Windows Hello, 1Password. | ||
+ | |||
+ | Authentication using passkeys is available only in web browser, it cannot be used | ||
+ | with [[manuals: | ||
+ | |||
+ | First register your passkeys in vpsAdmin -> Edit profile -> Passkeys. Then enable | ||
+ | 2FA in vpsAdmin -> Edit profile. | ||
+ | |||
+ | ===== Session control ===== | ||
+ | In profile settings (vpsAdmin -> Edit profile), there' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * **Enable single sign-on** will let you enter vpsAdmin credentials once and log in to vpsAdmin, knowledge base and Discourse | ||
+ | * **Preferred session length** will configure time to logout on inactivity in vpsAdmin web interface, it defaults to 20 minutes | ||
+ | * **Logout all** will always log you out from all sessions of the same client, e.g. if you're logged into vpsAdmin from different browsers or devices, logout on one will logout all of them | ||
===== Session log ===== | ===== Session log ===== | ||
vpsAdmin logs all user sessions and remembers what actions were performed | vpsAdmin logs all user sessions and remembers what actions were performed | ||
(vpsAdmin -> Edit profile -> Session log). | (vpsAdmin -> Edit profile -> Session log). | ||
+ | |||
+ | {{: | ||
You can see when the session started, ended, what authentication method was | You can see when the session started, ended, what authentication method was | ||
- | used, IP addresses, client | + | used, IP addresses, client |
- | particular session. | + | particular session. Active sessions have a light green background. The current session |
+ | which is used to view the page has dark green background. You can end active sessions | ||
+ | by clicking on the trash bin icon. | ||
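Review bot: In the TOTP section, "The 2FA activation is then confirmed when you enter the one-time password" reads as if adding a TOTP device switches 2FA on, while the profile-settings paragraph above it and the Passkeys section ("First register your passkeys ... Then enable 2FA in vpsAdmin -> Edit profile") describe enabling 2FA as a separate step. Suggest wording the TOTP sentence as confirming the device rather than activating 2FA, and giving the same register-then-enable order for both methods. The recovery code is also described only under TOTP; the Passkeys section should state what the recovery path is for an account that has only passkeys registered. Finally, the removed "Authentication tokens" text is not replaced by anything in the added lines, so if token authentication still exists it needs a pointer to where it is now documented.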