MFA Authentication⚓︎
Prompt
- MFA:Multi Factor Authentication
1 Enable MFA⚓︎
- IF MFA is
Enable
, you can specify multi-factor authentication (MFA) when creating or updating a user. - In the case of
Force Users to Enable
, you can force-enable multi-factor authentication (MFA) by clicking on the user details in the 'web' - 'User Management' - 'User List'. - In the case of
Global Enable
, go to 'web' - 'System Settings' - 'Security Settings' and check Multi-Factor Authentication (MFA) (once enabled, all users will be forced to use MFA and cannot manually disable it).
Recommended settings
- All administrators should mandatorily enable multi-factor authentication.
- During actual use, enabling global MFA is recommended to enhance security.
2. Disable MFA⚓︎
- MFA users who are enabled normally can close it themselves.
- Mandatory MFA requires an administrator to close it.
- Enabling MFA globally cannot be turned off. You must first disable MFA globally in 'System Settings' - 'Security Settings'.
3. Reset MFA⚓︎
- Administrators can reset the multi factor authentication of the user in other user details. Click on the
User Name
in theWeb
-User List
to see the user details.
- If the administrator unable to obtain authorization code of MFA , it can be reset through the console.
docker exec -it jms_core /bin/bash
cd /opt/jumpserver/apps
python manage.py shell
from users.models import User
u = User.objects.get(username='admin')
u.mfa_level='0'
u.otp_secret_key=''
u.save()