Cloudron Forum
OpenCloud - MFA / Keycloak

    necrevistonnezr wrote:
    #1

    Just installed the hidden package. There's no MFA, which makes this not "state of the art" (in a legal sense) and hence not usable for production.

    MFA is mandatory according to:
    EU

    • NIS2 Directive: Mandates MFA for "essential" and "important" entities (energy, health, digital providers, etc.) to ensure supply chain security.
    • DORA (Digital Operational Resilience Act): Requires strict identity management and MFA for the financial sector and its cloud service providers.
    • GDPR (General Data Protection Regulation): Under Article 32 ("Security of processing"), MFA is considered the "state of the art" requirement for protecting personal data in the cloud.
    • PSD2/PSD3: Requires Strong Customer Authentication (SCA) for accessing banking interfaces and authorizing online payments.

    USA

    • Executive Order 14028: Mandates MFA for all federal agencies and any software service providers (SaaS/Cloud) doing business with the US government.
    • FTC Safeguards Rule (GLBA): Explicitly requires MFA for any financial institution (including non-banks like mortgage brokers) to protect customer data.
    • HIPAA: While not naming "MFA" specifically in the original text, current HHS guidance treats MFA as a mandatory technical safeguard for protecting electronic Protected Health Information (ePHI).
    • NYDFS 23 NYCRR 500: A highly influential New York state regulation requiring MFA for anyone accessing internal networks or cloud-based applications containing non-public information.
    • SEC Cybersecurity Rule: Requires public companies to disclose their risk management strategy; lack of MFA is now frequently cited as a material deficiency.

    Global Standards

    • PCI DSS 4.0: Mandatory MFA for all personnel with access to the Cardholder Data Environment (CDE).
    • SOC 2 Type II: While a framework rather than a law, MFA is a baseline requirement for the "Security" trust service criteria in cloud audits.

    https://docs.opencloud.eu/docs/admin/configuration/authentication-and-user-management#authentication-with-keycloak suggests that you need integration with Keycloak to have MFA.

    joseph (Staff) wrote:
    #2

      Guess it will have MFA when we get OIDC working with Cloudron as well.
