2 Factor Authentication

Richard · July 26, 2023, 7:14am

Is there any way to implement 2 factor authentication for local accounts in indico? e.g. with an OTP provider?

Thanks,

Richard

ThiefMaster · July 26, 2023, 7:42am

No, currently the only way to get 2FA is by using an external authentication option.

bartoldu · January 16, 2025, 10:17pm

Hello all,

Has there been any development on this, or is there perhaps a plan to add 2FA for local accounts? I guess I’m intrigued by the word currently.

Thanks
– Rainer

ThiefMaster · January 16, 2025, 10:19pm

I’m sure it will eventually come. Either contributed by someone else, or when I have some free time to work on it myself (I’d love to do that, but you probably know how it is with days not having enough hours? ;))

bartoldu · January 16, 2025, 10:36pm

Thanks for the prompt reply. I do know how it is to have only 24 hours in a day, and so I shouldn’t even ask this, but is there a sketch for what would need to be done that we could perhaps help with? We use SSO and started looking into federated logins but we also have a large and diverse group of external users that won’t have access to either.

ThiefMaster · January 17, 2025, 12:39pm

The best solution would be to add support for multifactor in Flask-Multipass, and then make the necessary changes on the Indico side for this to work.

It will need quite a bit of thinking how to best implement it though, since unlike with logging in there need to be many more interactions with the application itself (ie Indico), and it needs to provide some UI for things like MFA setup/reset etc., and it’s up to the application to store the data (OTP secret, whatever is stored for webauthn, scratch/recovery keys).