Differences

This shows you the differences between two versions of the page.

--- public:emai:zimbra_2fa [2021-03-02 15:50] – vesely
+++ public:emai:zimbra_2fa [2022-06-27 14:06] – vesely
@@ Line 3: / Line 3: @@
 Two-factor authentication is a technology that provides identification of users with the combination of two different components.
-As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png}}
+As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png?32x33}}
 ===== General =====
@@ Line 24: / Line 24: @@
   * Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App.
+<font inherit/inherit;;#27ae60;;inherit>//Note: if you cannot see the option "Setup two-step authentication" contact helpdesk@cerge-ei.cz with the initial activation request.//</font>
 ===== How to Install and Configure an OTP smartphone app =====
@@ Line 70: / Line 72: @@
 The user can click on the One-time codes View option to see the codes. The user must keep the codes secure (written somewhere, in another device, etc.).
+{{:public:emai:pasted:20210302-165038.png}}
+===== How to revoke trusted computer/device =====
+Once the user trust some computer/device user can revoke the trusted computer/device by navigating to Preferences > Accounts > Trusted Devices in Zimbra Web Client. User can revoke trust for the current device by clicking revoke this device link and all other trusted devices by clicking revoke all other devices link.
+{{:public:emai:pasted:20210302-165150.png}}
+===== Application Passcode (IMAP, ActiveSync) =====
+Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. For these users need to generate application passcode.
+==== Application passcodes ====
+  * Randomly generated.
+  * Can be created by giving a label and revoked by their label.
+  * Changing account password will revoke all application passcodes.
+==== How to create an application passcode ====
+User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account.
+----
+<font inherit/inherit;;#c0392b;;inherit>**IMPORTANT!!! - **</font>The appplication passcode serves as a password __once it is accepted by Zimbra during initialization procedure.__
+**You must make the __first time__  login __while__  the Appplication Passcode is displayed at the web interface.**  Click [Close] button not befor you you sucessfully authenticate your client with Zimra. I you close the Application Code dialog befor the firts authentication is done, you must repeat the process and create a new application code (you should delete the non-functional one).
+----
+{{:public:emai:pasted:20210302-165320.png?600x288}}
+==== How to revoke an application passcode ====
+Once the user generates application passcode user can revoke it by navigating to Preferences > Accounts > Applications in Zimbra Web Client. User can revoke this application passcode after selecting the required name in the list.
+{{:public:emai:pasted:20210302-165448.png}}
+===== Failed Login Attempts =====
+Please note, use of Two-Factor Authentication (2FA) does not prevent account suspension due to exceeding failed login attempts limits