public:emai:zimbra_2fa

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
public:emai:zimbra_2fa [2021-03-03 12:45] veselypublic:emai:zimbra_2fa [2024-03-07 09:46] (current) vesely
Line 1: Line 1:
-====== Zimbra - Two Factor Authentication (2FA) ======+====== Zimbra - Two Factor Authentication (MFA) ======
  
-Two-factor authentication is a technology that provides identification of users with the combination of two different components.+{{:public:pasted:20240307-094051.png?225x48}} 
 + 
 +Two-factor authentication (Multi-Factor aka MFA) is a technology that provides identification of users with the combination of two different components.
  
 As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png?32x33}} As the 2nd factor is used the smartphone app - **Google Authenticator **{{:public:emai:pasted:20210302-162714.png?32x33}}
Line 24: Line 26:
  
   * Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App.   * Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App.
 + <font inherit/inherit;;#27ae60;;inherit>//Note: if you cannot see the option "Setup two-step authentication" contact helpdesk@cerge-ei.cz with the initial activation request.//</font>
  
 ===== How to Install and Configure an OTP smartphone app ===== ===== How to Install and Configure an OTP smartphone app =====
Line 92: Line 95:
  
 User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account. User can create an application passcode by navigating to Preferences > Accounts > Applications and selecting Add Application Code button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account.
 +
 +----
 + <font inherit/inherit;;#c0392b;;inherit>**IMPORTANT!!! - **</font>  The appplication passcode serves as a password __once it is accepted by Zimbra during initialization procedure.__
 +
 +**You must make the __first time__  login __while__  the Appplication Passcode is displayed at the web interface.**  Click [Close] button not befor you you sucessfully authenticate your client with Zimra. I you close the Application Code dialog befor the firts authentication is done, you must repeat the process and create a new application code (you should delete the non-functional one).
 +
 +----
  
 {{:public:emai:pasted:20210302-165320.png?600x288}} {{:public:emai:pasted:20210302-165320.png?600x288}}
Line 100: Line 110:
  
 {{:public:emai:pasted:20210302-165448.png}} {{:public:emai:pasted:20210302-165448.png}}
 +
 +===== Application Passcode (Outgoing - SMTP) =====
 +
 +SMTP sending is done via Ironport gateway which authenticates users against Zimbra mailserver so it is necessary to generate one extra application passcode which will be then assigned to Ironport communication with Zimbra (Zimbra cannot distinguish among your SMTP clients connected via Irinport, hence only one code can be used)
 +
 +Steps:
 +
 +1) Log into your Zimbra account → Preferences → Accounts → Primary account settings → [Add Application Code]
 +
 +2) Name the new Application Code somehow descriptive (e.g. "Ironport SMTP authentication")
 +
 +3) Display Application code and WRITE IT DOWN (you will need it later if you want to add another SMTP client).
 +
 +4) DO NOT CLOSE windows with displayed code until you do the proper authentication via your SMTP client (see the following steps)
 +
 +5) Set SMTP as follows:
 +
 +- Server Address: mailgw.cerge-ei.cz \\
 +- Connection Security: STARTTLS (or Auto) \\
 +- Port: 587 (default) \\
 +- Authentication Method: Normal password (ordinary PC/network password)
 +
 +6) Enter your username without domain (e.g. **jdoe**  )
 +
 +7) Into password field put the Authentication code still displayed in Zimbra web interface (use CAPITAL letters)
 +
 +8) Save configuration and test sending email.
 +
 +9) You may close the Access Code window If email is successuly sent.
 +
 +10) If you want to add another SMTP client for your account, just reuse the Authentication code written down and follow steps 5 to 8
  
 ===== Failed Login Attempts ===== ===== Failed Login Attempts =====
  • /var/www/html/dokuwiki/data/attic/public/emai/zimbra_2fa.1614775526.txt.gz
  • Last modified: 2021-03-03 12:45
  • by vesely