TOTPRadius - Single factor authentication configuration optionsTOTPRadius can be used as an LDAP Proxy, or to be more correct, RADIUS to LDAP Proxy. In this configuration, the user authentication is done against 2 sources: the password is verified by the upstream LDAP server(s), and the OTP is checked by the TOTPRadius itself locally. In some use cases, there is a need to exceptionally allow using a single factor authentication against TOTPRadius. This may be needed to provide access to system or other generic accounts used, for instance, in automated scripts, where the second factor is not possible to be entered.
To address this issue, you can use one of the following options.
User level setting
You can set this behavior at the user level, but changing the 'Allow single factor' value to 'Enabled'
This will allow this particular user to log in using LDAP Password + OTP, OTP only, or LDAP Password only.
Please note that the LDAP Password only option will work for TOTPRadius v 0.2.7 or newer.
Starting from TOTPRadius v0.2.9, it is also possible to allow single factor logins from a trusted IP range. This setting is called 'Trusted IP Configuration' and can be set in the Settings → Advanced Settings section.
The value is expected in CIDR format. To disable this functionality, set the value of this field to 'none'.
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Provisioning Token2 TOTP programmable tokens - a universal guide
We have a lot of integration guides describing the process of enrolling our programmable tokens with different systems, such as Google, Microsoft, Facebook and many others.
Using programmable hardware tokens with Azure AD B2C
On August 16th, 2022, Microsoft announced TOTP-based MFA for Azure AD B2C as generally available. The name used for this authentication method is "OATH software tokens", which is another name for TOTP authentication apps like Google Authenticator or Microsoft Authenticator.
Python version of the NFC Burner app - token2_config.py
We have been getting many requests from the customers asking to make the NFC Burner tools available under macOS and Linux.