Introduced in Cerberus version 9.0.4, Administrators can now require Two Factor Authentication for an Active Directory user and force a user to set up Two Factor Authentication on the first login to the Web Client.
Single Active Directory User
By default, all Active Directory users are assigned the same virtual directories and permissions. Furthermore, you can configure the authentication requirement of the group to allow and require (or NOT allow/require) Two Factor Authentication for all users in a particular group.
However, if you wish to require Two Factor Authentication for an individual Active Directory user, then you can do so through the AD Users page by clicking on User & Group Custom Mappings. You can select individual AD user accounts and map them to a Cerberus group account which has the "Require 2 Factor" option enabled.
Enabling the "Require Two Factor Authentication" option for a Cerberus Group
1. Open the Cerberus FTP Server User Manager and select Groups.
2. Select the group that you wish to configure from the Cerberus Group list.
3. Click on the Authentication property for the selected user.
4. Select "Require 2 Factor for HTTP/S"
5. Press the Update button to save the new 2FA settings.
What if I want to force all my AD Users to use Two Factor Authentication?
A single Cerberus group can be selected as the default group in which all AD users will become a member of when they log in to Cerberus FTP Server. Using the default group option can be a simple but effective way to make sure that permissions are applied to all AD users.
For example, consider a Cerberus group named AD Users. On the Cerberus AD Users page of the User Manager, this group is assigned as the Default Group for AD users.
All of the settings of this group are applied to any AD users that are logged in. In our example, AD Users group will have the "Require 2 Factor for HTTP/S" option selected. The permission will be applied to all AD users that log in.
However, virtual directories for group AD Users will not be applied by default to AD users unless Use Default Group Directories is selected as the Default Directory Mapping mode. More information on the Default Directory Mapping mode can be found here.