Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. LDAP + 2FA support for Cloudron Apps

LDAP + 2FA support for Cloudron Apps

Scheduled Pinned Locked Moved Feature Requests
3 Posts 3 Posters 473 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • njN Offline
    njN Offline
    nj
    wrote on last edited by nj
    #1

    I am starting a new topic to keep the discussion to the point. Previous discussions are linked at the bottom of this post. This is to request Cloudron to support inline TOTP code with LDAP Password in the form password;2FCODE.

    ;TLDR User Stories

    Admin can choose to opt-in for password:2fcode feature from Settings.
    During authentication, Cloudron checks for the setting, and if enabled, splits password and 2fcode.
    Cloudron performs authentication based on password and the 2fa code.

    The last discussion with @girish ended with him mentioning that there's some standardization going on in the field of 2FA in custom fields of LDAP. Out of curiosity, I looked at the roadmaps of many open source projects and found that very few have any plans to standardize or even support TOTP secret through LDAP fields. I have no hopes of any standardization in the near future that Cloudron can look forward to.

    I am serious about security, and mandate everyone in my team to enable 2FA whenever possible. We're also using more and more new apps, and I'm seeing mandatory 2FA in individual apps a lot of trouble to go through.

    I already have 13 different entries for individual apps' 2FA codes, and the list is growing. Then there are the recovery codes of all apps written on dozens of pieces of paper - The situation is the same across the team, and it's only going to be worse when we stop using apps.

    Please do something about it! Pretty, please? šŸ™„

    More discussion on this topic:
    https://forum.cloudron.io/topic/3285/2fa-for-all-ldap-apps/39
    https://forum.cloudron.io/topic/2433/the-real-sso-with/1
    https://forum.cloudron.io/topic/1972/i-am-missing-real-sso/1

    Founder / Coder ā€¢ My Apps

    girishG 1 Reply Last reply
    2
    • girishG Offline
      girishG Offline
      girish Staff
      replied to nj on last edited by
      #2

      @nj Right. Making baby steps here. Already added 2FA now for the proxy auth in 6.1. Maybe we can add this feature to 6.2. I had created a task to implement this - https://git.cloudron.io/cloudron/box/-/issues/705 . It relied on mandatory 2FA which was implemented in 5.4.

      P 1 Reply Last reply
      1
      • P Offline
        P Offline
        plusone-nick
        replied to girish on last edited by
        #3

        @girish said in LDAP + 2FA support for Cloudron Apps:

        Making baby steps here.
        šŸ¦¾ Almost a slow walk šŸ˜‰šŸ™

        āœŒšŸ’™+1

        1 Reply Last reply
        1

        • Login
        • Don't have an account? Register
        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search