In Cerberus FTP Server, administrators now have the flexibility to mandate Two Factor Authentication for Active Directory users, enhancing security measures during user logins to the Web Client.
For a Single Active Directory User:
By default, all Active Directory users share the same virtual directories and permissions. However, you can configure the authentication requirements of a group to either allow or require Two Factor Authentication for all users within that group.
If you specifically want to mandate Two Factor Authentication for an individual Active Directory user, follow these steps on the AD Users page by navigating to User & Group Custom Mappings. Select individual AD user accounts and map them to a Cerberus group account with the "Require 2 Factor" option enabled.
Enabling "Require Two Factor Authentication" for a Cerberus Group:
Open the Cerberus FTP Server User Manager and select Groups.
Choose the group you want to configure from the Cerberus Group list.
Click on the Authentication property for the selected user.
Select "Require 2 Factor for HTTP/S."
Press the Update button to save the new Two Factor Authentication settings.
What if I want to force all my AD Users to use Two Factor Authentication?
To enforce Two Factor Authentication for all Active Directory (AD) users in Cerberus FTP Server, a straightforward approach involves selecting a single Cerberus group as the default group. All AD users automatically become members of this group upon logging in, ensuring that permissions and security measures are universally applied.
Consider a Cerberus group named "AD Users." By assigning this group as the Default Group for AD users on the Cerberus AD Users page in the User Manager, you effectively mandate Two Factor Authentication for all users logging into Cerberus FTP Server. This method provides a simple yet effective way to streamline permissions and security settings for all AD users
When enforcing Two Factor Authentication for all Active Directory (AD) users in Cerberus FTP Server, settings from a designated group, such as "AD Users," are universally applied. In our example, the "Require 2 Factor for HTTP/S" option is selected for the AD Users group, ensuring this security measure is imposed on all AD users upon login.
It's crucial to note that while permissions are automatically applied, virtual directories for the AD Users group are not applied by default to AD users. To extend the group's virtual directories to AD users, ensure that "Use Default Group Directories" is selected as the Default Directory Mapping mode. Additional information on the Default Directory Mapping mode can be found here.