2 Factor Authentication

Is there any way to implement 2 factor authentication for local accounts in indico? e.g. with an OTP provider?

Thanks,

Richard

No, currently the only way to get 2FA is by using an external authentication option.

Hello all,

Has there been any development on this, or is there perhaps a plan to add 2FA for local accounts? I guess I’m intrigued by the word currently.

Thanks
– Rainer

I’m sure it will eventually come. Either contributed by someone else, or when I have some free time to work on it myself (I’d love to do that, but you probably know how it is with days not having enough hours? ;))

Thanks for the prompt reply. I do know how it is to have only 24 hours in a day, and so I shouldn’t even ask this, but is there a sketch for what would need to be done that we could perhaps help with? We use SSO and started looking into federated logins but we also have a large and diverse group of external users that won’t have access to either.

The best solution would be to add support for multifactor in Flask-Multipass, and then make the necessary changes on the Indico side for this to work.

It will need quite a bit of thinking how to best implement it though, since unlike with logging in there need to be many more interactions with the application itself (ie Indico), and it needs to provide some UI for things like MFA setup/reset etc., and it’s up to the application to store the data (OTP secret, whatever is stored for webauthn, scratch/recovery keys).