Dear All,
How would one go about adding Two Factor Authentication to Frappe?
Could you recommend reliable alternatives to https://www.authy.com that one could integrate with in order to have Two Factor Authentication?
Regards,
cksgb
This is a really important feature for Frappé/ERPNext for it to be considered on par with other enterprise-grade ERP systems.
So far, my workaround is using Google Sign-In with the 2FA policy enforced via G Suite (luckily, I manage to get all my clients to use this).
Agreed.
My DNS provider offers 2FA that works with an ACL list and Country code:
In the case of login access from an IP not recognized on an ACL list or Country code, then the site emails a six digit integer required for login access, in addition to password.
Here’s a DNS break-in story to ponder
Hi All,
We’ve implemented 2FA in Frappe using pyotp and pyqrcode. Below is a basic walkthrough of the functionality.
Basically, we introduced two settings that allow for 2FA to be activated at the System Settings and Role level. When 2FA is enabled at the site level, a further check is done to see if the role of a user who is about to log in also has 2FA activated. If so, it performs the 2nd level check using either TOTP (OTP App such as Google Authenticator) or HOTP (notification of the verification code by either SMS or email). See video below:
To get this to work today, ERPNext has to be installed (even if you don’t need it and are only building on Frappe). This is because the SMS sending functionality is embedded in ERPNext (see the following issue Proposal: Move SMS Settings and related Doctypes to Frappe Core · Issue #9875 · frappe/erpnext · GitHub).
@rmehta what do you think about us shifting the SMS functionality to Frappe? That way, we wouldn’t have to replicate SMS sending.
Will send out a PR shortly. Suggestions for improvements welcome.
Regards,
Chude
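The flow described in the post above (site-level switch, then role-level check, then a TOTP code), as an added example that is not part of the original post and not the code from the Frappe PR. It uses only the Python standard library instead of pyotp; `needs_second_factor`, `login`, the role names and the secret are hypothetical, constructed for illustration.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample secret: the RFC 4226 test key, base32-encoded as OTP apps expect.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, now=None, step=30, window=1):
    """RFC 6238: HOTP with counter = unix_time // step, tolerating +/- window steps."""
    counter = int(time.time() if now is None else now) // step
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        expected = hotp(secret_b32, counter + drift).encode()
        # Constant-time comparison; no early exit on the first matching step.
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok

def needs_second_factor(site_enabled, user_roles, roles_with_2fa):
    """Hypothetical model: 2FA applies only if the site switch is on AND
    at least one of the user's roles has 2FA activated."""
    return bool(site_enabled and set(user_roles) & set(roles_with_2fa))

def login(password_ok, site_enabled, user_roles, roles_with_2fa,
          secret_b32, otp=None, now=None):
    """Return 'denied', 'otp_required' or 'logged_in'."""
    if not password_ok:
        return "denied"
    if not needs_second_factor(site_enabled, user_roles, roles_with_2fa):
        return "logged_in"
    if otp is None:
        return "otp_required"  # password alone must not create a session
    return "logged_in" if verify_totp(secret_b32, otp, now=now) else "denied"
```

A production version would also rate-limit attempts and reject a code that was already accepted for the same time step.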
@Chude_Osiegbu looks great!
Yes, let’s move SMS to Frappe.
Just some feedback regarding the UX - you are adding the messages / QR code in the header section of the Verification box. The header should be only one line “Verification” and the rest can come in the body.
Great work! Look forward to the contribution
Thanks @rmehta,
We’ll effect the changes to the verification box and make a few other corrections. Will look at sending the PR in a few days.
Regards,
Chude
@Chude_Osiegbu can you share link to the 2fa branch?
So I can test how `/login?redirect-to` works?
It’s required for oauth2
Excellent work. This is a great “selling” point to make ERPNext enterprise class. Looking forward to the contribution… thank you Chude!
Hello All,
PRs are here:
https://github.com/frappe/frappe/pull/3763
and here:
https://github.com/frappe/erpnext/pull/10033
Regards,
Chude
Tested OAuth 2.0. It is working as expected with 2FA.
Please see additional comments in pull request.
Does it work for website users?