TOTPRadius - Single factor authentication configuration optionsTOTPRadius can be used as an LDAP Proxy, or to be more correct, RADIUS to LDAP Proxy. In this configuration, the user authentication is done against 2 sources: the password is verified by the upstream LDAP server(s), and the OTP is checked by the TOTPRadius itself locally. In some use cases, there is a need to exceptionally allow using a single factor authentication against TOTPRadius. This may be needed to provide access to system or other generic accounts used, for instance, in automated scripts, where the second factor is not possible to be entered.
To address this issue, you can use one of the following options.
User level setting
You can set this behavior at the user level, but changing the 'Allow single factor' value to 'Enabled'
This will allow this particular user to log in using LDAP Password + OTP, OTP only, or LDAP Password only.
Please note that the LDAP Password only option will work for TOTPRadius v 0.2.7 or newer.
Starting from TOTPRadius v0.2.9, it is also possible to allow single factor logins from a trusted IP range. This setting is called 'Trusted IP Configuration' and can be set in the Settings → Advanced Settings section.
The value is expected in CIDR format. To disable this functionality, set the value of this field to 'none'.
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Top myths about FIDO2 security keys and Passwordless access
We have been getting quite a lot of questions about the security level of FIDO keys, in the light of some recent news and research papers covering potential vulnerabilities of both the protocol stack itself and the hardware of certain implementations.
molto2.py - Molto2 USB Config tool
molto2.py is a solution developed by Token2 to program and configure the Molto2v2 TOTP hardware tokens using pyscard python library. It works under Linux, macOS and Windows.
Introducing Passwordless Login for Our Website!
At Token2, we are always looking for ways to improve the user experience and make it as convenient and secure as possible. That's why we are excited to announce the addition of a passwordless login option for our website.