public:emai:zimbra_2fa

Differences

This shows you the differences between two versions of the page.

public:emai:zimbra_2fa [2021-03-02 15:51] – [How to revoke trusted computer/device] vesely
public:emai:zimbra_2fa [2024-03-07 09:46] (current) vesely
Line 1: Line 1:
-====== Zimbra - Two Factor Authentication (2FA) ======+====== Zimbra - Two Factor Authentication (MFA) ======
  
-Two-factor authentication is a technology that provides identification of users with the combination of two different components.+{{:public:pasted:20240307-094051.png?225x48}}
  
-As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png}}+Two-factor authentication (Multi-Factor aka MFA) is a technology that provides identification of users with the combination of two different components. 
 + 
 +As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png?32x33}}
  
 ===== General ===== ===== General =====
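Review bot: The new title pairs "Two Factor Authentication" with the abbreviation "(MFA)", and the reworded intro says "Two-factor authentication (Multi-Factor aka MFA)", which presents two-factor and multi-factor as the same term. Other text visible in this diff still says "2FA" (for example "the 2FA wizard" and "Two-Factor Authentication (2FA)" under Failed Login Attempts), so the page now uses two abbreviations without saying how they relate. Suggest a title such as "Two-Factor Authentication (2FA / MFA)" and one sentence stating that 2FA is the two-component case of MFA, then using one abbreviation consistently in the body.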
Line 24: Line 26:
  
   * Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App.   * Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App.
 + <font inherit/inherit;;#27ae60;;inherit>//Note: if you cannot see the option "Setup two-step authentication" contact helpdesk@cerge-ei.cz with the initial activation request.//</font>
  
 ===== How to Install and Configure an OTP smartphone app ===== ===== How to Install and Configure an OTP smartphone app =====
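Review bot: The added helpdesk note lands after the bullet in which the 2FA wizard is already showing the unique key, but a user who cannot see "Setup two-step authentication" never reaches that wizard, so the note belongs before the wizard step or at the top of the section. It is also a space-indented line with inline font colour markup rather than a list item, so it may not render as part of the bullet list it follows; making it its own bullet would keep the layout consistent. Consider stating what the activation request should contain (for example the account name) so helpdesk does not have to ask back.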
Line 74: Line 77:
  
 ===== How to revoke trusted computer/device ===== ===== How to revoke trusted computer/device =====
 +
 Once the user trust some computer/device user can revoke the trusted computer/device by navigating to Preferences > Accounts > Trusted Devices in Zimbra Web Client. User can revoke trust for the current device by clicking revoke this device link and all other trusted devices by clicking revoke all other devices link. Once the user trust some computer/device user can revoke the trusted computer/device by navigating to Preferences > Accounts > Trusted Devices in Zimbra Web Client. User can revoke trust for the current device by clicking revoke this device link and all other trusted devices by clicking revoke all other devices link.
  
 {{:public:emai:pasted:20210302-165150.png}} {{:public:emai:pasted:20210302-165150.png}}
  
 +===== Application Passcode (IMAP, ActiveSync) =====
 +
 +Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. For these users need to generate application passcode.
 +
 +==== Application passcodes ====
 +
 +  * Randomly generated.
 +  * Can be created by giving a label and revoked by their label.
 +  * Changing account password will revoke all application passcodes.
 +
 +==== How to create an application passcode ====
 +
 +User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account.
 +
 +----
 + <font inherit/inherit;;#c0392b;;inherit>**IMPORTANT!!! - **</font>  The appplication passcode serves as a password __once it is accepted by Zimbra during initialization procedure.__
 +
 +**You must make the __first time__  login __while__  the Appplication Passcode is displayed at the web interface.**  Click [Close] button not befor you you sucessfully authenticate your client with Zimra. I you close the Application Code dialog befor the firts authentication is done, you must repeat the process and create a new application code (you should delete the non-functional one).
 +
 +----
 +
 +{{:public:emai:pasted:20210302-165320.png?600x288}}
 +
 +==== How to revoke an application passcode ====
 +
 +Once the user generates application passcode user can revoke it by navigating to Preferences > Accounts > Applications in Zimbra Web Client. User can revoke this application passcode after selecting the required name in the list.
 +
 +{{:public:emai:pasted:20210302-165448.png}}
 +
 +===== Application Passcode (Outgoing - SMTP) =====
 +
 +SMTP sending is done via Ironport gateway which authenticates users against Zimbra mailserver so it is necessary to generate one extra application passcode which will be then assigned to Ironport communication with Zimbra (Zimbra cannot distinguish among your SMTP clients connected via Irinport, hence only one code can be used)
 +
 +Steps:
 +
 +1) Log into your Zimbra account → Preferences → Accounts → Primary account settings → [Add Application Code]
 +
 +2) Name the new Application Code somehow descriptive (e.g. "Ironport SMTP authentication")
 +
 +3) Display Application code and WRITE IT DOWN (you will need it later if you want to add another SMTP client).
 +
 +4) DO NOT CLOSE windows with displayed code until you do the proper authentication via your SMTP client (see the following steps)
 +
 +5) Set SMTP as follows:
 +
 +- Server Address: mailgw.cerge-ei.cz \\
 +- Connection Security: STARTTLS (or Auto) \\
 +- Port: 587 (default) \\
 +- Authentication Method: Normal password (ordinary PC/network password)
 +
 +6) Enter your username without domain (e.g. **jdoe**  )
 +
 +7) Into password field put the Authentication code still displayed in Zimbra web interface (use CAPITAL letters)
 +
 +8) Save configuration and test sending email.
 +
 +9) You may close the Access Code window If email is successuly sent.
 +
 +10) If you want to add another SMTP client for your account, just reuse the Authentication code written down and follow steps 5 to 8
 +
 +===== Failed Login Attempts =====
 +
 +Please note, use of Two-Factor Authentication (2FA) does not prevent account suspension due to exceeding failed login attempts limits
  
  
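Review bot: Step 5 of the SMTP procedure sets "Authentication Method: Normal password (ordinary PC/network password)", which contradicts step 7, where the password field must hold the application code; the parenthetical invites users to type their network password into the mail client, so reword it to say that "Normal password" is only the name of the client's method and the value entered is the application code. Steps 3 and 10 tell the user to write the code down and reuse it for every SMTP client, while the IMPORTANT block says the passcode "serves as a password" for clients that skip the TOTP flow; the text should say where to keep it (a password manager rather than paper) and that revoking it, or changing the account password as noted under "Application passcodes", cuts off all SMTP clients at once. The same credential is called "application passcode", "Application Code", "Authentication code" and "Access Code" in this hunk; pick one term. Spelling to fix before publishing: "appplication", "befor", "sucessfully", "Zimra", "I you", "firts", "Irinport", "successuly".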
  • Last modified: 2021-03-02 15:51
  • by vesely