Two-Factor Authentication (2FA): различия между версиями
Нет описания правки |
|||
| (не показаны 4 промежуточные версии 2 участников) | |||
| Строка 1: | Строка 1: | ||
[[Two-Factor_Authentication_(2FA)|en]] | [[Двухфакторная_аутентификация_(2FA)|ru]] | [[Two-Factor_Authentication_(2FA)|en]] | [[Двухфакторная_аутентификация_(2FA)|ru]] | ||
It is possible to configure the use of two-factor authorisation for customer logins. | |||
The "Google Authenticator" application is used | |||
[[Файл: 2FA.jpg|thumb|800px|center]] | |||
To enable/disable this feature, use a variable in the .env file | |||
<pre> | |||
US_2FA_ENABLED=1 | |||
</pre> | |||
After enabling this variable '''when a correct username and password are entered''' when a customer logs in: | |||
* If the customer has not yet configured 2FA - a QR code will be displayed to add the resource to the Google Authenticator application | |||
* If the customer has already configured 2FA - an additional field for entering the code from the "Google Authenticator" application will appear. | |||
In case the customer loses his/her phone and, consequently, access, or for other reasons - it is possible to reset 2FA binding in the customer's card, which will require a new registration/setup of 2FA at the next login attempt. | |||
<br> | |||
'''Starting from version 3.20:''' | |||
<span id="anchor_320_64_EN">In the configuration file, you can now use a list of trusted IP addresses to allow access without 2FA authentication ''(when 2FA is enabled)''</span> | |||
In the configuration file '''[ERP-DIR]/legacy/Config/config.php''' you can list IP addresses not to use 2FA to. | |||
$whiteList2FaIpArray = [ | |||
'127.0.0.1', | |||
'192.168.0.1', | |||
]; | |||
Links to official applications: | |||
Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 | |||
iOS: https://apps.apple.com/ru/app/google-authenticator/id388497605 | |||
Текущая версия от 14:49, 28 июля 2025
It is possible to configure the use of two-factor authorisation for customer logins. The "Google Authenticator" application is used
To enable/disable this feature, use a variable in the .env file
US_2FA_ENABLED=1
After enabling this variable when a correct username and password are entered when a customer logs in:
- If the customer has not yet configured 2FA - a QR code will be displayed to add the resource to the Google Authenticator application
- If the customer has already configured 2FA - an additional field for entering the code from the "Google Authenticator" application will appear.
In case the customer loses his/her phone and, consequently, access, or for other reasons - it is possible to reset 2FA binding in the customer's card, which will require a new registration/setup of 2FA at the next login attempt.
Starting from version 3.20:
In the configuration file, you can now use a list of trusted IP addresses to allow access without 2FA authentication (when 2FA is enabled)
In the configuration file [ERP-DIR]/legacy/Config/config.php you can list IP addresses not to use 2FA to.
$whiteList2FaIpArray = [
'127.0.0.1',
'192.168.0.1',
];
Links to official applications:
Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
iOS: https://apps.apple.com/ru/app/google-authenticator/id388497605