2FA: Difference between revisions
(Add FortiToken activation troubleshooting section) |
(Add See Also section linking to Authentication overview page) |
||
| Line 74: | Line 74: | ||
* What apps can generate 2FA codes? | * What apps can generate 2FA codes? | ||
* How to disable 2FA via database? | * How to disable 2FA via database? | ||
== See Also == | |||
* [[Authentication]] - Overview of all authentication methods | |||
* [[Google_Sign_in_usage]] - Google OAuth 2.0 integration | |||
* [[Microsoft_Sign_in_usage]] - Microsoft Entra ID / Azure AD integration | |||
* [[REMOTE_USER_Authentication]] - External authentication via Apache modules | |||
[[Category:Authentication]] | |||
[[Category:Configuration]] | |||
[[Category:GUI]] | |||
Revision as of 12:44, 6 January 2026
Two Factor Authentication (2FA)
2FA is available from VoIPmonitor GUI version 20.
Prerequisites
Ensure server time is synchronized (install NTP service) as 2FA codes are time-sensitive.
GUI Settings
- Admin users can enable 2FA requirement for any user in GUI > Users & Audit. Enabling requires setup.
- Admins can delete a user's 2FA secret in GUI > Users & Audit.
- Users can set/change 2FA (with password) in GUI > User Settings > Change User Auth. Follow the setup dialog.
2FA Code Generator Setup
Use apps like:
- Google Authenticator for Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- Google Authenticator for iOS: https://itunes.apple.com/cz/app/google-authenticator/id388497605?mt=8
- Google Authenticator Chrome extension: https://chrome.google.com/webstore/detail/google-authenticator/njkhnbmlaefgkjpaghgphiceaocdblgl
- Authenticator Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/auth-helper/?src=search
Scan QR code to import account and generate codes.
Troubleshooting
Time Synchronization Issues (TOTP-based 2FA)
If you use TOTP-based apps (Google Authenticator, Authy, etc.) and receive "invalid code" errors, the server time may be out of sync. 2FA codes are time-sensitive.
- Ensure NTP service is installed and running:
# Debian/Ubuntu sudo apt-get install ntp sudo systemctl restart ntp # CentOS/RHEL sudo yum install ntp sudo systemctl restart ntp
- Force immediate time sync:
sudo ntpdate pool.ntp.org
FortiToken Activation Issues
FortiToken uses a different mechanism than TOTP apps. If you receive an "invalid code" error during FortiToken activation:
- Do NOT attempt to fix via time synchronization - this will not solve FortiToken activation issues.
- Contact your VPN administrator to request a new activation code.
- Ensure the new code is used within its validity period (typically 24 hours).
- In the FortiTokenMobile app:
- Use the SCAN BAR CODE option with the new QR code, OR
- Manually enter the new activation string.
If you are locked out and cannot access the GUI, disable 2FA via database:
mysql> update users set secret = null, req_2fa = 0 where username = 'USER';
AI Summary for RAG
Summary: This article covers enabling and using 2FA in VoIPmonitor GUI from version 20, including prerequisites (time sync), admin/user settings, app recommendations, setup process, and disabling via database.
Keywords: 2FA, two-factor authentication, GUI settings, time synchronization, NTP, Google Authenticator, QR code, database disable
Key Questions:
- What version supports 2FA in VoIPmonitor GUI?
- Why is time synchronization required for 2FA?
- How do admins enable or disable 2FA for users?
- How do users set up 2FA?
- What apps can generate 2FA codes?
- How to disable 2FA via database?
See Also
- Authentication - Overview of all authentication methods
- Google_Sign_in_usage - Google OAuth 2.0 integration
- Microsoft_Sign_in_usage - Microsoft Entra ID / Azure AD integration
- REMOTE_USER_Authentication - External authentication via Apache modules