castellum
Documentation
Compare revisions
f262e5d87993b58457f97c7a9ea8da7e88901a8e to b3d2392a90840068163ab9697f59583aa490d373
Commits on Source (2)
document two factor authentication
· 2d4077eb
Bengfort
authored
Jul 05, 2021
2d4077eb
Merge branch 'mfa' into 'master'
· b3d2392a
Timo
authored
Jul 05, 2021
document two factor authentication See merge request
!75
b3d2392a
source/guides/admin.rst
@@ -26,6 +26,7 @@ There can be different reasons why a user has been locked:
1. **Account has expired**: Update the expiration date (see :ref:`admin-users`)
2. **Too many login attempts**: See `djang-axes <https://django-axes.readthedocs.io/en/latest/3_usage.html#resetting-attempts-and-lockouts>`_
3. **Lost access to second authentication factor**: Remove the user's MFA Keys via the admin interface
.. _admin-roles:
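Review bot: the new third item tells the admin to remove the user's MFA keys but says nothing about confirming who is asking, and nothing about what happens afterwards: whether the user is forced to register a new factor at the next login or can keep logging in with a password alone. Since security.rst in this same change lists 2FA as mandatory, suggest something like "after verifying the user's identity through a channel other than their Castellum login, remove the user's MFA keys via the admin interface; the user must then register a new factor (see :ref:`2fa`)". Minor: the item says "MFA Keys" while the rest of the change says "2FA", and the adjacent context line still misspells django-axes as "djang-axes".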
source/guides/two-factor-authentication.rst
0 → 100644
.. _2fa:
Two-Factor-Authentication
=========================
To further protect subjects' personal data against compromised or weak
passwords, Castellum can *and should* be used with two-factor authentication
(2FA).
If enabled, a successful login requires an additional code or passphrase before
Castellum can be used (similar to a TAN for online banking).
Currently we support any generic TOTP application or FIDO2 hardware security
tokens.
Smartphone apps (TOTP)
----------------------
We recommend to use a 2FA application on your phone. Just search for "TOTP" in
the app store of your choice.
Most TOTP apps work the same:
1. Install an authenticator app on a phone
2. Register that phone on the website (Castellum) by scanning a QR code with
the authenticator app
3. The app will now generate TOTP authentication codes for you that can be
used to log in
Hardware Keys (FIDO2)
---------------------
If you do not want to use your phone and TOTP, you can also chose to use
FIDO2-based hardware keys (tokens). In that case we recommend `Yubico FIDO2
tokens <https://www.yubico.com/de/product/security-key-nfc-by-yubico/>`_, but
any FIDO2-compatible token should work.
The tokens are connected to your device with USB and, when registered
successfully, usually just require a tap / key press when prompted on login.
For additional details about supported hardware tokens or Authenticator apps,
contact your local IT department or security officer.
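Review bot: the guide never says where in Castellum a user registers a factor; step 2 of the TOTP list ("Register that phone on the website") and the FIDO2 section both assume the reader has already found the enrollment page, so name that page or menu entry, and add a sentence on what to do if the phone or token is lost (the admin.rst change in this same merge request handles that by having an admin remove the user's MFA keys, which is worth cross-referencing here). Wording nits: "we recommend to use" should read "we recommend using", "you can also chose" should be "choose", the heading "Two-Factor-Authentication" would normally be "Two-Factor Authentication", and the Yubico link points at the German-locale page (/de/), which English documentation probably should not.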
source/index.rst
@@ -19,6 +19,7 @@ Welcome to Castellum's documentation!
:maxdepth: 2
:caption: Step-by-step guides
guides/two-factor-authentication
guides/subject-management
guides/study-management
guides/subject-get-pseudonym
source/security.rst
@@ -18,6 +18,7 @@ Account restrictions
- Users are automatically logged out on inactivity
- User accounts expire on a set date
- (Mandatory) :ref:`2fa`
.. _permissions:
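Review bot: "(Mandatory)" is ambiguous here. It could mean that Castellum enforces second-factor enrollment for every account, or that the deployment is expected to require it, and the new 2FA guide in this same change says only that Castellum "can *and should* be used" with 2FA, which reads as optional. State which is meant, e.g. "Two-factor authentication (:ref:`2fa`) is required for all accounts" or "... can be made mandatory for all accounts", and if it is enforced in software, say where that setting lives.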