GEODI provides an alternative login mechanism through 3rd party providers. These providers also support 2FA. You must activate any of the providers here to have 2FA on login.

Currently 2FA is supported for DUO, Google, Linkedin, Facebook and Microsoft.

2FA is only available for LDAP users.

Open

Google or other oauth/openid supporting systems

The settings under Settings/LoginProvider apply. For example, if the 2FA option is active on the Google side, 2FA is also valid for GEODI. You do not need to make any additional settings.

• Google,

• Linkedin,

• Facebook

Microsoft

To activate Microsoft, you must have an Office365 account. Users log in to GEODI through the same account. You must install the 2FA module on the DECE-STORE for activation.

After installation, the Microsoft logo will appear on the GEODI login page. Users must log in to GEODI using the Microsoft icon.

DUO

To activate 2FA with DUO, you must follow the steps below.

• You must have a DUO subscription (http://duo.com )

• Installation of 2FA Module must be ensured via DECE-STORE. (Settings/Module Management)

• The following definition should be made under the directory <geodi>/Settings/2FA . The Default.json.sample file can be used. Definition file must conform to json rules. You can verify with JSON Formatter & Validator .

• You can obtain the required values from the Applications section of the Duo Admin page.Admin Login - Duo

  • After entering, WebSDK or DUO API application settings must be given to the relevant values from the Applications tab.

  • Clientkey:From the DUO Admin page

  • SecretKey:From the DUO Admin page

  • Host:From the DUO Admin page

  • Type:DUO // may vary for different providers)

  • Device:All // You can select your devices from the Duo Interface.

• After the settings, the DUO verification page opens on the GEODI Login page for LDAP users.

  • When a new user is added, it must be synchronized on the Duo side. (Refer to Duo technical documentation for more.)

Open