Please note that 2FA is only available in the HTTP/S Web client and SFTP if supported by your specific client software. 2FA is not supported by FTP.
To allow and/or require a native user to configure 2 Factor authentication, you must set the “Allow 2 Factor” and, if desired "Require 2 Factor", parameters on a native Cerberus user's authentication settings.
- Open the Cerberus FTP Server User Manager and select Users.
- Select the user that you wish to configure from the Cerberus Users list.
- Click on the Authentication property for the selected user.
- Select "Allow 2 Factor"
- If you want to require this user to set up 2 Factor, select "Require 2 Factor for HTTP/S" and/or "Require for SFTP/SCP"
- Press the Update button to save the new 2FA settings.
2 Factor for SSH SFTP/SCP Options:
The '2 Factor for SSH SFTP/SCP' options under 'Require 2 Factor for HTTP/S' control 2FA behavior for users when using the SFTP protocol. This menu options are “Ignore”, “Require When Status Enabled”, and “Require”.
Drop Down Menu for 2 Factor for SSH SFTP/SCP with different options
- Ignore: Cerberus will bypass the use of 2FA for SSH and SFTP/SCP protocols, regardless of the status of 2 2-factor authentication. In this case, the user will not be required to enter 2FA credentials. Please note, this is not a recommended option unless absolutely necessary. A “warning badge” will be visible in the configuration page and the Account Report if this setting is turned on for the user.
- Require When Status Enabled: Cerberus will require 2FA for SSH and SFTP/SCP protocols provided the status of 2 Factor Authentication is “Enabled”. In other words, the user will be required to enter 2FA credentials if the status of 2FA is enabled. If the status of 2FA is disabled, the user will not be required to enter 2FA credentials.
- Require: Regardless of the status of 2 Factor Authentication, Cerberus will expect 2FA authentication for that user. If the status of 2 Factor Authentication is “Enabled”, the user will be able to authenticate via 2FA. If the status of 2 Factor Authentication is “Disabled”, the user won’t be able to authenticate as they won’t have the 2FA credentials but Cerberus will still expect them for successful authentication.
Please note that the same menu is available for Group Authentication settings as well (User Manager > Groups > Authentication). User settings are overridden by Group settings if the User is part of a Group unless the overriding button is enabled in the Authentication tab.
To learn more about group settings and overriding, please refer to Group Accounts in Cerberus FTP Server – Cerberus Support.
Comments
0 comments
Please sign in to leave a comment.