2fa for manager.io server

Hi guys,

Firstly, we love your product, so thanks for the awesome work.

We currently hold a license for the server edition, and we’re keen to implement 2fa to secure our instance.

We’ve read a few different posts discussing 2fa, but wondered if there were any plans to implement 2fa in the server edition, or to support any sort of multi-factor auth (okta or duo)?

Thanks in advance,

This has become a huge thing for us now as we are not only concerned about our own company data but we store a lot of customer sensitive stuff too.

Is there a 2FA product to stand in front of the Manager Server Version login to give some additional security please?

Back in Sep 2016

2FA is now defacto standard in online applications that store sensitive data and not really sure why @Lubos still has not implemented this.

Anyone got knowledge or recommendation for any third party tool for 2FA to patch current Manager Server version?

I ended up solving this 2 different ways.

First, you can run a (local) freeradius instance with pam + google auth, and use this with apache2, or if you can manage your clients, you can use client cert auth as well.

Neither is perfect, but having no 2fa was not an option for us.

Hopefully one day 2fa can be integrated into manager.

Shout out if you need a hand with config(s) etc for either of the above, but I’m sure your google foo will cover it :slight_smile:

Cheers I may call out thank you. Just looking at MiniOrange which talks about a radius deployment Two-Factor Authentcation (2FA) for Apache Web Server

Yup, same technique, but would highly recommend freeradius.

Is good and must feature. Hope @lubos will look at this topic.
Thanks