User Tools

Site Tools


manuals:vps:users

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
manuals:vps:users [2019/05/20 07:51] – multiple totp devices Aithermanuals:vps:users [2025/02/23 16:40] (current) – hw passkeys first, more sw examples aither
Line 33: Line 33:
 ===== Two-factor authentication (2FA) ===== ===== Two-factor authentication (2FA) =====
 Two-factor authentication for vpsAdmin using Two-factor authentication for vpsAdmin using
-[[wp>Time-based One-time Password algorithm|TOTP]] +[[wp>Time-based One-time Password algorithm|TOTP]] or [[wp>WebAuthn|passkeys]] 
-can be optionally enabled. You then need both the password and TOTP to log in.+can be optionally enabled. You then need both the password and one of the 
 +additional authentication devices. It is possible to combine TOTP and passkeys, 
 +using one of the configured authentication devices is sufficient to log in.
  
 When enabled, the two-factor authentication is mandatory for access to When enabled, the two-factor authentication is mandatory for access to
Line 42: Line 44:
 will cease to work. will cease to work.
  
-2FA can be enabled in profile settings (vpsAdmin -> Edit profile).+2FA can be enabled in profile settings (vpsAdmin -> Edit profile). Note that 2FA is active 
 +only when there's at least one authentication device enabled.
  
 {{:navody:vps:2fa_status.png?200|}} {{:navody:vps:2fa_status.png?200|}}
 +
 +==== TOTP ====
  
 You can setup TOTP e.g. on your mobile phone using applications like You can setup TOTP e.g. on your mobile phone using applications like
Line 67: Line 72:
 {{:navody:vps:totp_device_list.png?300|}} {{:navody:vps:totp_device_list.png?300|}}
  
-===== Session tokens ===== +==== Passkeys ==== 
-Users can authenticate in vpsAdmin using HTTP basic or tokens. +You can use hardware security tokens (YubiKey, GoTrust IdemKey, etc.) or software keychains such as KeePassXC, KeePassium, iCloud Keychain, Google Password Manager, Microsoft Windows Hello, 1Password
-The latter can be seen and managed from vpsAdmin (vpsAdmin -> Edit profile -> +
-Session tokens).+
  
-{{navody:vps:auth_tokens.png?300|}}+Authentication using passkeys is available only in web browser, it cannot be used 
 +with [[manuals:vps:api#cli|vpsfreectl]], which requires TOTP.
  
-You can see a list of active session tokens, their lifetime and who +First register your passkeys in vpsAdmin -> Edit profile -> Passkeys. Then enable 
-created them. This list is useful when you have multiple long-lived tokens for +2FA in vpsAdmin -> Edit profile.
-various client applications.+
  
-The web UI itself uses session tokensYou can create tokens using CLI +===== Session control ===== 
-or any client library and label themso you'll recognize them in the future.+In profile settings (vpsAdmin -> Edit profile), there's a "Session control" form: 
 + 
 +{{:navody:vps:user-session-control.png?300}} 
 + 
 +  * **Enable single sign-on** will let you enter vpsAdmin credentials once and log in to vpsAdminknowledge base and Discourse 
 +  * **Preferred session length** will configure time to logout on inactivity in vpsAdmin web interface, it defaults to 20 minutes 
 +  * **Logout all** will always log you out from all sessions of the same client, e.g. if you're logged into vpsAdmin from different browsers or devices, logout on one will logout all of them
  
 ===== Session log ===== ===== Session log =====
 vpsAdmin logs all user sessions and remembers what actions were performed vpsAdmin logs all user sessions and remembers what actions were performed
 (vpsAdmin -> Edit profile -> Session log). (vpsAdmin -> Edit profile -> Session log).
 +
 +{{:navody:vps:user-session-log.png?300}}
  
 You can see when the session started, ended, what authentication method was You can see when the session started, ended, what authentication method was
-used, IP addresses, client idenfitication and a list of executed actions in a +used, IP addresses, client identification and a list of executed actions in a 
-particular session.+particular session. Active sessions have a light green background. The current session 
 +which is used to view the page has dark green background. You can end active sessions 
 +by clicking on the trash bin icon.
  
manuals/vps/users.1558338681.txt.gz · Last modified: 2019/05/20 07:51 by Aither