Introduced in Cerberus version 9.0.4, Administrators can now require Two Factor Authentication for a user and force a user to set up Two Factor Authentication on the first login to the Web Client.
Single Active Directory User
By default, all AD users are assigned the same virtual directories and permissions. Furthermore, you can configure the authentication requirement of the group to allow and require (or NOT allow/require) Two Factor Authentication for all users in a particular group.
However, if you wish to require Two Factor Authentication for an individual AD user, then you can do so through the AD User Customization page by clicking on the Customize button. You can select individual AD user accounts and map them to a Cerberus group account which has the "Require 2 Factor" option enabled.
Enabling the "Require Two Factor Authentication" option for a Cerberus Group
1. Open the Cerberus FTP Server User Manager and select Groups.
2. Select the group that you wish to configure from the Cerberus Group list.
3. Double-click on the Authentication property for the selected user. The
Change Authentication Requirements dialog will appear.
4. Select "Require 2 Factor Authentication"
5. Press the OK button on the Change Authentication Requirements dialog to close and save the new SSH authentication settings.
6. Press the Update button on the User Manager to save the changes to the selected group.
What if I want to force all my AD Users to use Two Factor Authentication?
A single Cerberus group can be selected as the default group in which all AD users will become a member of when they log in to Cerberus FTP Server. Using the default group option can be a simple but effective way to make sure that permissions are applied to all AD users.
For example, consider a Cerberus group named AD Users. On the Cerberus AD Users page of the User Manager, this group is assigned as the Default Group for AD users.
All of the settings of this group are applied to any AD users that are logged in. In our example, AD Users group will have the "Require 2 Factor Authentication" option selected. The permission will be applied to all AD users that log in.
However, virtual directories for group AD Users will not be applied by default to AD users unless Use Default Group Directories is selected as the Default Directory Mapping mode. More information on the Default Directory Mapping mode can be found here.