Single Active Directory User
By default, all LDAP users are assigned the virtual directories and permissions based on the Default Virtual Directory Mapping mode defined on the Server Overview page for your LDAP configuration.
You can control 2FA requirements for an LDAP server in one of two way:
- Using the Cerberus Default Group to specify the same 2FA settings for all LDAP users
- Assigning an LDAP user to a Cerberus group to override the Cerberus Default Group
Furthermore, you can configure the authentication requirement of the group to allow and require (or NOT allow/require) Two Factor Authentication for all users in a particular group.
However, if you wish to require Two Factor Authentication for an individual LDAP user, then you can do so through the LDAP Users page by clicking on the LDAP user and assigning them to a new Cerberus group:
The LDAP user would then inherit the 2FA settings from that Cerberus group. You would then modify the the 2FA settings for that Cerberus group to customize whether the user was required to use 2FA or not.
- Open the Cerberus FTP Server User Manager and select Groups.
- Select the group that you wish to configure from the Cerberus Group list.
- Click on the Authentication property for the selected user.
- Select “Allow 2 Factor“ to allow users to setup 2 factor authentication. Select both “Allow 2 Factor” and "Require 2 Factor for HTTP/S" to force them to use it.
- Press the Update button to save the new 2FA settings.