khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-01-03 02:09:45 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #936 from nextcloud/revert-932-enhancement/revamped-2fa-docs

Browse Source 
Revert "Revamp 2FA admin docs"
This commit is contained in:
Morris Jobke
2018-11-22 10:05:02 +01:00
committed by GitHub
parent 7612d3dfbe 715aed21f0
commit 7ceff622ff
1 changed files with 6 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
admin_manual/configuration_user/two_factor-auth.rst
View File

@@ -1,23 +1,17 @@
=========================
Two-factor authentication
Two factor authentication
=========================
Two-factor authentication adds an additional layer of security to user accounts. In order to log
in on an account with two-factor authentication (2FA) enabled, it is necessary to provide both the
login password and another factor. 2FA in Nextcloud is pluggable, meaning that they are not part
of the Nextcloud Server component but provided by official and 3rd-party Nextcloud apps.
Starting with Nextcloud 10, it is possible to use two factor authentication
(2FA) with Nextcloud. It is a plugin based system requiring a 2FA app.
Several 2FA apps are already available including
`TOTP <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>`_,
a Telegram/Signal/SMS gateway and `U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_.
Developers can `build new two-factor provider apps <https://docs.nextcloud.com/server/14/developer_manual/app/two-factor-provider.html>`_.
SMS 2-factor and `U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_.
Developers can `built new two-factor provider apps <https://docs.nextcloud.com/server/14/developer_manual/app/two-factor-provider.html>`_.
.. TODO ON RELEASE: Update version number above on release
Enabling two-factor authentication
Enabling two factor authentication
----------------------------------
You can enable 2FA by installing and enabling a 2FA app like TOTP which works
@@ -27,32 +21,6 @@ you want, 2FA will be installed and enabled on your Nextcloud server.
.. figure:: ../images/2fa-app-install.png
.. TODO: new screenshot
Once 2FA has been enabled, users have to `activate it in their personal settings. <https://docs.nextcloud.com/server/14/user_manual/user_2fa.html>`_
.. TODO ON RELEASE: Update version number above on release
Enforcing two-factor authentication
-----------------------------------
By default 2FA is *optional*, hence users are given the choice whether to enable
it for their account. Since Nextcloud 15 have the option to enforce the use of 2FA.
Enforcement is possible systemwide (all users), for selected groups only and can
also be excluded for certain groups.
These settings can be found in the administrator's security settings.
.. TODO: screenshot
When groups are selected/excluded, they use the following logic to determine if
a user has 2FA enforced:
* If no groups are selected, 2FA is enabled for everyone except members of the excluded groups
* If groups are selected, 2FA is enabled for all members of these. If a user is both in a
selected *and* excluded group, the selected takes precedence and 2FA is enforced.