Differences
This shows you the differences between two versions of the page.
public:emai:zimbra_2fa [2021-03-02 15:54] – vesely | public:emai:zimbra_2fa [2024-03-07 09:46] (current) – vesely | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Zimbra - Two Factor Authentication (2FA) ====== | + | ====== Zimbra - Two Factor Authentication (MFA) ====== |
- | Two-factor authentication is a technology that provides identification of users with the combination of two different components. | + | {{: |
- | As the 2nd factor is used the smartphone app - **Google Authenticator **{{: | + | Two-factor authentication (Multi-Factor aka MFA) is a technology that provides identification of users with the combination of two different components. |
+ | |||
+ | As the 2nd factor is used the smartphone app - **Google Authenticator **{{: | ||
===== General ===== | ===== General ===== | ||
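Review bot: Terminology is inconsistent after the rename in the title and intro: the heading still reads "Two Factor Authentication" but is now abbreviated "(MFA)", and the intro glosses it as "(Multi-Factor aka MFA)". Other lines of this revision still say 2FA ("the 2FA wizard", "Two-Factor Authentication (2FA)" in the Failed Login Attempts section), so pick one term, define the other once in the intro, and use it throughout. The sentence "As the 2nd factor is used the smartphone app" would also read better as "The second factor is the smartphone app".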
Line 24: | Line 26: | ||
* Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App. | * Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App. | ||
+ | < | ||
===== How to Install and Configure an OTP smartphone app ===== | ===== How to Install and Configure an OTP smartphone app ===== | ||
Line 79: | Line 82: | ||
{{: | {{: | ||
- | ===== Application Passcode ===== | + | ===== Application Passcode |
Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. For these users need to generate application passcode. | Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. For these users need to generate application passcode. | ||
- | Application passcodes: | + | ==== Application passcodes |
* Randomly generated. | * Randomly generated. | ||
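Review bot: The unchanged sentence under the Application Passcode heading, "For these users need to generate application passcode", is ungrammatical and leaves "these" ambiguous. Since this hunk already reworks the section headings, reword it as "For these clients, users need to generate an application passcode."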
Line 92: | Line 95: | ||
User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account. | User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account. | ||
+ | |||
+ | ---- | ||
+ | < | ||
+ | |||
+ | **You must make the __first time__ | ||
+ | |||
+ | ---- | ||
{{: | {{: | ||
Line 98: | Line 108: | ||
Once the user generates application passcode user can revoke it by navigating to Preferences > Accounts > Applications in Zimbra Web Client. User can revoke this application passcode after selecting the required name in the list. | Once the user generates application passcode user can revoke it by navigating to Preferences > Accounts > Applications in Zimbra Web Client. User can revoke this application passcode after selecting the required name in the list. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ===== Application Passcode (Outgoing - SMTP) ===== | ||
+ | |||
+ | SMTP sending is done via Ironport gateway which authenticates users against Zimbra mailserver so it is necessary to generate one extra application passcode which will be then assigned to Ironport communication with Zimbra (Zimbra cannot distinguish among your SMTP clients connected via Irinport, hence only one code can be used) | ||
+ | |||
+ | Steps: | ||
+ | |||
+ | 1) Log into your Zimbra account → Preferences → Accounts → Primary account settings → [Add Application Code] | ||
+ | |||
+ | 2) Name the new Application Code somehow descriptive (e.g. " | ||
+ | |||
+ | 3) Display Application code and WRITE IT DOWN (you will need it later if you want to add another SMTP client). | ||
+ | |||
+ | 4) DO NOT CLOSE windows with displayed code until you do the proper authentication via your SMTP client (see the following steps) | ||
+ | |||
+ | 5) Set SMTP as follows: | ||
+ | |||
+ | - Server Address: mailgw.cerge-ei.cz \\ | ||
+ | - Connection Security: STARTTLS (or Auto) \\ | ||
+ | - Port: 587 (default) \\ | ||
+ | - Authentication Method: Normal password (ordinary PC/network password) | ||
+ | |||
+ | 6) Enter your username without domain (e.g. **jdoe** | ||
+ | |||
+ | 7) Into password field put the Authentication code still displayed in Zimbra web interface (use CAPITAL letters) | ||
+ | |||
+ | 8) Save configuration and test sending email. | ||
+ | |||
+ | 9) You may close the Access Code window If email is successuly sent. | ||
+ | |||
+ | 10) If you want to add another SMTP client for your account, just reuse the Authentication code written down and follow steps 5 to 8 | ||
+ | |||
+ | ===== Failed Login Attempts ===== | ||
+ | |||
+ | Please note, use of Two-Factor Authentication (2FA) does not prevent account suspension due to exceeding failed login attempts limits | ||
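Review bot: Step 5 conflicts with step 7: it sets "Authentication Method: Normal password (ordinary PC/network password)", but step 7 has the user put the application code into the password field, so a reader can reasonably enter their network password and fail, and those failures count toward the limits mentioned under Failed Login Attempts. Keep "Normal password" as the client's method name and drop or reword the parenthetical so it is clear that the value entered is the application code. The same credential is called "Application code", "Authentication code" and "Access Code" across steps 3, 7, 9 and 10; use one name. Step 3 asks users to write the code down for reuse; since this one code serves every SMTP client on the account, say where to keep it (for example a password manager) and note that revoking it, as described in the paragraph just above this section, cuts off all of those clients at once. Typos to fix: "Irinport", "successuly", the capitalised "If" in step 9, and "windows" in step 4. The Failed Login Attempts sentence needs a closing period and should state what the limit is or whom to contact after a suspension.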