With 2FA, GEODI users enter the system with multiple verification stages. 2FA activation is optional.On this page you will find activation procedures for different 2FA providers.
Currently 2FA is supported for DUO, Google, Linkedin, Facebook and Office365.- 2FA is only available for LDAP users.
Google or other oauth/openid supporting systems
The settings under Settings/LoginProvider apply. For example, if the 2FA option is active on the Google side, 2FA is also valid for GEODI.You do not need to make any additional settings.
Google,
Linkedin,
Facebook
Office365
DUO Activation
To activate 2FA with DUO, you must follow the steps below.
You must have a DUO subscription (http://duo.com )
Installation of 2FA Module must be ensured via DECE-STORE. (Settings/Module Management)
The following definition should be made under the directory <geodi>/Settings/2FA . The Default.json.sample file can be used. Definition file must conform to json rules. You can verify with https://jsonformatter.curiousconcept.com/ .
You can obtain the required values from the Applications section of the Duo Admin page.https://admin.duosecurity.com/login?next=%2F
After entering, WebSDK or DUO API application settings must be given to the relevant values from the Applications tab.
Clientkey:From the DUO Admin pageSecretKey:From the DUO Admin pageHost:From the DUO Admin pageType:DUO // may vary for different providers)Device:All // You can select your devices from the Duo Interface.
After the settings, the DUO verification page opens on the GEODI Login page for LDAP users.
When a new user is added, it must be synchronized on the Duo side. (Refer to Duo technical documentation for more.)
{
"ClientKey" : "Integration key değeri",
"SecretKey" : "Secret key değeri",
"Host" : "API hostname değeri",
"Type" : "DUO",
"Device" :"All"
}
Duo Admin Account Application Information Example