Differences

This shows you the differences between two versions of the page.

--- public:emai:zimbra_2fa [2021-03-02 15:33] – vesely
+++ public:emai:zimbra_2fa [2021-03-03 12:41] – vesely
@@ Line 3: / Line 3: @@
 Two-factor authentication is a technology that provides identification of users with the combination of two different components.
-As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png}}
+As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png?32x33}}
 ===== General =====
@@ Line 36: / Line 36: @@
 {{:public:emai:pasted:20210302-163305.png}}
+To configure the App, the users must add an email address and the unique Key from the Zimbra Web Client.
+{{:public:emai:pasted:20210302-163436.png}}
+All done! Now the app is configured and will show a** 6-digit code that changes after 15 seconds**.
+==== Finishing the configuration in the Web Client ====
+Once the user has the App configured and showing the 6 digit code, the user can **enter the Code **in the wizard window and click **Next**
+{{:public:emai:pasted:20210302-164648.png}}
+The two-step authentication feature is now enabled, and the user will be prompted for a code in each new Browser, smartphone, computer, or app where he or she tries to access the account.
+===== Account Security =====
+In the users’ Preferences > Accounts > Account Security (if the Admin has enabled these options under the COS), the user will see more options like the one-time codes, Trusted devices, and Applications:
+{{:public:emai:pasted:20210302-164811.png}}
+===== Testing a new Web Browser session in a new Computer =====
+If the user now goes to another Web Browser, computer, smartphone, or if he or she tries to configure Zimbra Desktop, the user will successfully pass the two-factory authentication. For example on the Web Client: One-time Codes
+{{:public:emai:pasted:20210302-164911.png}}
+{{:public:emai:pasted:20210302-164933.png}}
+===== One-Time Codes =====
+With the two-factor authentication enabled, there may be a situation when the smartphone doesn’t have battery to answer the code challenge, or the device has been lost, etc. For cases like this, Zimbra introduces the One-time codes functionality. This function allow users to generate multiple codes to use in case of emergency. The total number of one-time codes can be configured by the Admin.
+The user can click on the One-time codes View option to see the codes. The user must keep the codes secure (written somewhere, in another device, etc.).
+{{:public:emai:pasted:20210302-165038.png}}
+===== How to revoke trusted computer/device =====
+Once the user trust some computer/device user can revoke the trusted computer/device by navigating to Preferences > Accounts > Trusted Devices in Zimbra Web Client. User can revoke trust for the current device by clicking revoke this device link and all other trusted devices by clicking revoke all other devices link.
+{{:public:emai:pasted:20210302-165150.png}}
+===== Application Passcode (IMAP, ActiveSync) =====
+Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. For these users need to generate application passcode.
+==== Application passcodes ====
+  * Randomly generated.
+  * Can be created by giving a label and revoked by their label.
+  * Changing account password will revoke all application passcodes.
+==== How to create an application passcode ====
+User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account.
+{{:public:emai:pasted:20210302-165320.png?600x288}}
+==== How to revoke an application passcode ====
+Once the user generates application passcode user can revoke it by navigating to Preferences > Accounts > Applications in Zimbra Web Client. User can revoke this application passcode after selecting the required name in the list.
+{{:public:emai:pasted:20210302-165448.png}}