This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
manuals:vps:users [2019/05/19 07:06] – 2fa on kb Aither | manuals:vps:users [2025/02/23 16:40] (current) – hw passkeys first, more sw examples aither | ||
---|---|---|---|
Line 33: | Line 33: | ||
===== Two-factor authentication (2FA) ===== | ===== Two-factor authentication (2FA) ===== | ||
Two-factor authentication for vpsAdmin using | Two-factor authentication for vpsAdmin using | ||
- | [[wp> | + | [[wp> |
- | can be optionally enabled. You then need both the password and TOTP to log in. | + | can be optionally enabled. You then need both the password and one of the |
+ | additional authentication devices. It is possible to combine | ||
+ | using one of the configured authentication devices is sufficient | ||
When enabled, the two-factor authentication is mandatory for access to | When enabled, the two-factor authentication is mandatory for access to | ||
Line 42: | Line 44: | ||
will cease to work. | will cease to work. | ||
- | 2FA can be enabled in profile settings (vpsAdmin -> Edit profile). | + | 2FA can be enabled in profile settings (vpsAdmin -> Edit profile). Note that 2FA is active |
+ | only when there' | ||
- | {{: | + | {{: |
+ | |||
+ | ==== TOTP ==== | ||
You can setup TOTP e.g. on your mobile phone using applications like | You can setup TOTP e.g. on your mobile phone using applications like | ||
Line 54: | Line 59: | ||
you can enter the secret key manually. | you can enter the secret key manually. | ||
- | {{: | + | {{: |
Once activated, you will be given a recovery code. This code can be used when | Once activated, you will be given a recovery code. This code can be used when | ||
Line 61: | Line 66: | ||
the recovery code, you will have to contact our support to recover your account. | the recovery code, you will have to contact our support to recover your account. | ||
- | ===== Session tokens ===== | + | You can configure multiple TOTP devices and any one of them can be used to log in. |
- | Users can authenticate | + | Individual devices |
- | The latter | + | (vpsAdmin -> Edit profile -> TOTP devices). |
- | Session tokens). | + | |
- | {{navody: | + | {{:navody:vps:totp_device_list.png?300|}} |
- | You can see a list of active session | + | ==== Passkeys ==== |
- | created them. This list is useful when you have multiple long-lived tokens for | + | You can use hardware security |
- | various client applications. | + | |
- | The web UI itself uses session | + | Authentication using passkeys is available only in web browser, it cannot be used |
- | or any client library | + | with [[manuals: |
+ | |||
+ | First register your passkeys in vpsAdmin -> Edit profile -> Passkeys. Then enable | ||
+ | 2FA in vpsAdmin -> Edit profile. | ||
+ | |||
+ | ===== Session control ===== | ||
+ | In profile settings (vpsAdmin -> Edit profile), there' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * **Enable single sign-on** will let you enter vpsAdmin credentials once and log in to vpsAdmin, knowledge base and Discourse | ||
+ | * **Preferred session length** will configure time to logout on inactivity | ||
+ | * **Logout all** will always log you out from all sessions of the same client, e.g. if you're logged into vpsAdmin from different browsers or devices, logout on one will logout all of them | ||
===== Session log ===== | ===== Session log ===== | ||
vpsAdmin logs all user sessions and remembers what actions were performed | vpsAdmin logs all user sessions and remembers what actions were performed | ||
(vpsAdmin -> Edit profile -> Session log). | (vpsAdmin -> Edit profile -> Session log). | ||
+ | |||
+ | {{: | ||
You can see when the session started, ended, what authentication method was | You can see when the session started, ended, what authentication method was | ||
- | used, IP addresses, client | + | used, IP addresses, client |
- | particular session. | + | particular session. Active sessions have a light green background. The current session |
+ | which is used to view the page has dark green background. You can end active sessions | ||
+ | by clicking on the trash bin icon. | ||