5 2 0: Configuring Multi-Factor Authentication

From SEPsesam


Welcome to the latest version of the SEP sesam documentation 5.2.0 Artemis. Earlier versions of the documentation can be found here: Documentation Archive.


Overview


Multi-factor authentication (MFA) strengthens the security of user authentication by requiring two or more verification methods before granting access. SEP sesam supports two-factor authentication to provide a higher level of protection. In addition to the primary authentication method (either policy-based or database-based), additional authentication requirements can be configured. This adds another security layer to the login and ensures reliable verification of the user's identity.

Available authentication options

With two-factor authentication, one of the following options can be configured as a secondary authentication method:

  • Email authentication: In addition to the primary login credentials, the user must provide a confirmation code received via email. This code expires after 5 minutes, ensuring that only recent and valid codes are used for authentication.
  • Certificate authentication: This method requires users to present a trusted digital certificate with their login credentials.
  • One-Time Password (OTP) authentication: This method uses an authentication application (such as Samsung Pass, Google Authenticator, or similar tools). During setup, the user creates an application login account, which generates one-time passwords or verification codes. Each verification code is valid for 30 seconds before a new code is automatically generated. The user provides the current verification code with their login credentials to authenticate.

Key features

  • The additional authentication layer at login strengthens user identity verification, minimizing the risk that user accounts are compromised or misused.
  • The secondary authentication method can be configured individually for each user to accommodate their preferences and security requirements.

Configuring the two-factor authentication

To configure two-factor authentication for a new or existing user, follow these steps:

  1. In the GUI, in the menu bar navigate to Configuration -> Permission Management. The Permission Management window opens.
  2. In the Users tab, select the user you want to modify and click Change.
  3. Select the required multi-factor authentication option:
    • Off - Disable multi-factor authentication.
    • Certificate - Enable secondary authentication using a trusted digital certificate.
    • E-mail - Enable secondary authentication using a confirmation code sent by email.
    • One time password - Enable secondary authentication using a verification code generated by an authenticator app.
  4. Click OK and close the window.

Alternatively, you can click Create New to configure a new user and select the required multi-factor authentication method.


Enforcing two-factor authentication for all users

You can configure a global two-factor authentication method in SEP sesam, which will be enforced for all users.

To enable global two-factor authentication, set the following variable key:

gui.auth.mfa.force_type

Assign one of the following values: certificate, email or OTP. For more information on setting the global variables, refer to Configuring System Settings.

Resetting the account for one-time password

In case a user changes their authentication application (such as Samsung Pass, Google Authenticator, or other similar tools) or needs to set up a new application login account for SEP sesam authentication, you can remove the existing OTP configuration and force the creation of a new one.

To reset the OTP account, select the user in the Permission Management window and choose the option Reset One time password.

When the user attempts to log in to SEP sesam, they must open their authentication application (e.g., Google Authenticator, Samsung Pass) and scan the QR code provided by SEP sesam. This will configure a new OTP account and the application will generate new verification codes, which can be used for authentication.
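How the 30-second verification codes and the QR-code enrolment after a reset fit together, as an added example that is not SEP sesam code. It assumes the standard TOTP scheme (RFC 6238, HMAC-SHA-1, 6 digits) used by common authenticator apps, which this page does not confirm; the issuer name `ExampleBackup`, the user `alice` and all function names are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote

STEP = 30    # seconds each code is valid, as stated on this page
DIGITS = 6   # assumption: authenticator-app default

def new_secret() -> str:
    """Random 160-bit shared secret, Base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, user: str, issuer: str = "ExampleBackup") -> str:
    """otpauth:// URI of the kind an enrolment QR code encodes (issuer is a placeholder)."""
    label = quote(f"{issuer}:{user}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            f"&digits={DIGITS}&period={STEP}")

def totp(secret: str, now: float) -> str:
    """RFC 6238 code for the 30-second window that contains `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    digest = hmac.new(base64.b32decode(secret), counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: str, code: str, now: float, drift: int = 0) -> bool:
    """Accept the current window, plus `drift` windows either side for clock skew."""
    if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
        return False                                # reject malformed input early
    return any(hmac.compare_digest(totp(secret, now + i * STEP), code)
               for i in range(-drift, drift + 1))

if __name__ == "__main__":
    t = 1_700_000_010                # constructed timestamp at the start of a window
    old = new_secret()               # secret of the original OTP account
    code = totp(old, t)
    print(provisioning_uri(old, "alice"))
    print("29 s later:", verify(old, code, t + 29))
    print("30 s later:", verify(old, code, t + 30))
    print("after reset, old code vs new secret:", verify(new_secret(), code, t))
```

Under this scheme a reset replaces the shared secret, so codes from the old authenticator account no longer verify until the new QR code has been scanned.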


See also

  • User Roles and Permissions
  • About Authentication and Authorization
  • Configuring Database-Based Authentication
  • Configuring LDAP/AD Authentication
  • Configuring Certificate-Based Authentication

Copyright © SEP GmbH (formerly SEP AG) 1999-2025. All rights reserved.
Any form of reproduction of the contents of this user manual, in whole or in part, is permitted only with the express written permission of SEP GmbH. This user manual was prepared with the greatest possible care in order to provide correct and error-free information. Nevertheless, SEP GmbH cannot guarantee the accuracy of the contents of this user manual.