2FA
Two Factor Authentication (2FA)
2FA is available from VoIPmonitor GUI version 20.
Prerequisites
Ensure server time is synchronized (install NTP service) as 2FA codes are time-sensitive.
GUI Settings
- Admin users can enable 2FA requirement for any user in GUI > Users & Audit. Enabling requires setup.
- Admins can delete a user's 2FA secret in GUI > Users & Audit.
- Users can set/change 2FA (with password) in GUI > User Settings > Change User Auth. Follow the setup dialog.
2FA Code Generator Setup
Use apps like:
- Google Authenticator for Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- Google Authenticator for iOS: https://itunes.apple.com/cz/app/google-authenticator/id388497605?mt=8
- Google Authenticator Chrome extension: https://chrome.google.com/webstore/detail/google-authenticator/njkhnbmlaefgkjpaghgphiceaocdblgl
- Authenticator Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/auth-helper/?src=search
Scan the QR code shown in the setup dialog to import the account, then use the app to generate codes.
Troubleshooting
Time Synchronization Issues (TOTP-based 2FA)
If you use TOTP-based apps (Google Authenticator, Authy, etc.) and receive "invalid code" errors, the server time may be out of sync. 2FA codes are time-sensitive.
- Ensure NTP service is installed and running:
# Debian/Ubuntu
sudo apt-get install ntp
sudo systemctl restart ntp
# CentOS/RHEL (the service unit is named ntpd)
sudo yum install ntp
sudo systemctl restart ntpd
- Force immediate time sync:
sudo ntpdate pool.ntp.org
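Why clock skew produces "invalid code", shown as an added example (not VoIPmonitor code): a standard RFC 6238 TOTP generator plus a checker that reports how many 30-second steps the server clock is off. The 30-second step, 6 digits, HMAC-SHA1 and the acceptance window of one step either side are assumptions based on common authenticator defaults, not documented VoIPmonitor settings; `matched_step` is a hypothetical helper name.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds per code (RFC 6238 default; assumed here)
DIGITS = 6   # code length used by Google Authenticator style apps (assumed)

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def matched_step(secret_b32: str, code: str, server_time: int, window: int):
    """Return the step offset at which `code` is valid on the server, else None.

    Offsets are tried nearest-first: 0, -1, +1, -2, +2, ... up to `window`.
    A negative result means the server clock is ahead of the authenticator.
    """
    for n in range(window + 1):
        for off in ((0,) if n == 0 else (-n, n)):
            expected = totp(secret_b32, server_time + off * STEP)
            if hmac.compare_digest(expected, code):
                return off
    return None

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    phone_time = 1111111109              # authenticator clock (taken as correct)
    code = totp(SECRET, phone_time)
    for skew in (0, 30, 90, 300):        # seconds the server clock runs ahead
        server_time = phone_time + skew
        accepted = matched_step(SECRET, code, server_time, window=1) is not None
        drift = matched_step(SECRET, code, server_time, window=20)
        print(f"server ahead {skew:>3}s  accepted={accepted}  drift_steps={drift}")
```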
FortiToken Activation Issues
FortiToken uses a different mechanism than TOTP apps. If you receive an "invalid code" error during FortiToken activation:
- Do NOT attempt to fix via time synchronization - this will not solve FortiToken activation issues.
- Contact your VPN administrator to request a new activation code.
- Ensure the new code is used within its validity period (typically 24 hours).
- In the FortiTokenMobile app:
  - Use the SCAN BAR CODE option with the new QR code, OR
  - Manually enter the new activation string.
If you are locked out and cannot access the GUI, disable 2FA via database:
mysql> update users set secret = null, req_2fa = 0 where username = 'USER';
AI Summary for RAG
Summary: This article covers enabling and using 2FA in VoIPmonitor GUI from version 20, including prerequisites (time sync), admin/user settings, app recommendations, setup process, and disabling via database.
Keywords: 2FA, two-factor authentication, GUI settings, time synchronization, NTP, Google Authenticator, QR code, database disable
Key Questions:
- What version supports 2FA in VoIPmonitor GUI?
- Why is time synchronization required for 2FA?
- How do admins enable or disable 2FA for users?
- How do users set up 2FA?
- What apps can generate 2FA codes?
- How to disable 2FA via database?
See Also
- Authentication - Overview of all authentication methods
- Google_Sign_in_usage - Google OAuth 2.0 integration
- Microsoft_Sign_in_usage - Microsoft Entra ID / Azure AD integration
- REMOTE_USER_Authentication - External authentication via Apache modules