TOTPRadius - Single factor authentication configuration options
TOTPRadius can be used as an LDAP Proxy, or to be more correct, RADIUS to LDAP Proxy. In this configuration, the user authentication is done against 2 sources: the password is verified by the upstream LDAP server(s), and the OTP is checked by the TOTPRadius itself locally. In some use cases, there is a need to exceptionally allow using a single factor authentication against TOTPRadius. This may be needed to provide access to system or other generic accounts used, for instance, in automated scripts, where the second factor is not possible to be entered.To address this issue, you can use one of the following options.
User level setting
You can set this behavior at the user level, but changing the 'Allow single factor' value to 'Enabled'
This will allow this particular user to log in using LDAP Password + OTP, OTP only, or LDAP Password only.
Please note that the LDAP Password only option will work for TOTPRadius v 0.2.7 or newer.
Subnet level
Starting from TOTPRadius v0.2.9, it is also possible to allow single factor logins from a trusted IP range. This setting is called 'Trusted IP Configuration' and can be set in the Settings → Advanced Settings section.
The value is expected in CIDR format. To disable this functionality, set the value of this field to 'none'.
About
Installation and configuration
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Integration guides
Blog
15-05-2023
Azure AD Authentication methods policy migration
In an effort to enhance security and streamline administration, Microsoft introduced the Authentication methods policy for Azure AD. This policy allows administrators to manage the MFA and SSPR settings from a single location, simplifying the overall user experience. However, it's important to note that the migration process has a limitation when it comes to hardware OATH tokens.
05-05-2023
Molto2 Receives "Certified Product" Badge from Independent Third-Party Assessment by SySS GmbH
At our company, we believe in delivering safe and secure products to our customers. That's why we engaged SySS GmbH, an independent third-party security company, to conduct a thorough security assessment of our product, Molto2. We are proud to announce that Molto2 has passed this assessment with flying colors and has received a "Certified Product" badge from SySS GmbH.
21-04-2023
Introducing Token2 FIDO2 PIN+: The Security Key That Enforces Strong PIN Complexity
We are excited to announce the upcoming launch of our latest product variation, the Token2 FIDO2 PIN+. The PIN+ series is a new variation of our existing security keys that deviates from the FIDO2 standards to provide stronger PIN complexity enforcement.