TOTPRadius - Single factor authentication configuration options
TOTPRadius can be used as an LDAP Proxy, or to be more correct, RADIUS to LDAP Proxy. In this configuration, the user authentication is done against 2 sources: the password is verified by the upstream LDAP server(s), and the OTP is checked by the TOTPRadius itself locally. In some use cases, there is a need to exceptionally allow using a single factor authentication against TOTPRadius. This may be needed to provide access to system or other generic accounts used, for instance, in automated scripts, where the second factor is not possible to be entered.To address this issue, you can use one of the following options.
User level setting
You can set this behavior at the user level, but changing the 'Allow single factor' value to 'Enabled'
This will allow this particular user to log in using LDAP Password + OTP, OTP only, or LDAP Password only.
Please note that the LDAP Password only option will work for TOTPRadius v 0.2.7 or newer.
Subnet level
Starting from TOTPRadius v0.2.9, it is also possible to allow single factor logins from a trusted IP range. This setting is called 'Trusted IP Configuration' and can be set in the Settings → Advanced Settings section.
The value is expected in CIDR format. To disable this functionality, set the value of this field to 'none'.
About
Installation and configuration
- Installation and initial configuration
- Network configuration
- Migrating from older versions
- LDAP Configuration
- Azure AD Configuration
- Self-service enrollment portal
- Web and LDAPS Certificates
- Syslog configuration
- Single-factor authentication exceptions
- Slave appliance mode
- Dynamic RADIUS Attributes
Integration guides
Blog
18-08-2023
Introducing the New Python-Powered TOTP tool for Token2 FIDO2 Security Keys!
Manage and use TOTP/HOTP codes via Python CLI script using a PC/SC device (USB NFC) or directly via USB. A cross-platform solution that works under Windows, macOS and Linux platforms.
Python-based tools are essential not only for their cross-platform compatibility, but also because their source-available nature allows experts/developers to examine the source code, ensuring transparency and minimizing the risk of hidden vulnerabilities or malicious elements. A GUI wrapper for the script is also available.
23-06-2023
Mass Production of Token2's PIN+ Series: Enhanced FIDO2 Security Keys
Token2 is excited to announce the upcoming mass production of their revolutionary PIN+ series, a line of FIDO2 Security keys. These security keys feature advanced PIN complexity rules that set a new standard for security. The firmware development for the PIN+ series is now complete, and the company is currently making preparations for mass production.
08-06-2023
Azure AD Now Supports FIDO2 Security Keys on Safari on iOS
In a significant development for iOS users, Microsoft Azure Active Directory (AD) has expanded its support for FIDO2 security keys on the Safari browser. This advancement is a crucial step towards enhancing security and usability on Apple's mobile devices, ensuring seamless authentication experiences for Azure AD users. With FIDO2 security keys, users can now enjoy passwordless access to their Azure AD accounts, boosting convenience and significantly reducing the risk of password-related attacks. Let's dive deeper into this exciting development and explore the benefits it brings to iOS users.