LogoLogo
  • LIBSAFE Advanced Pro - System Administrator Manual
  • Introduction
    • Basic concepts
    • General considerations
  • System configuration
    • Storage
      • Storage groups
      • Disks
        • Different storage system types and their integration in LIBSAFE
      • Datamover
    • Digital signature profiles
      • Certificates for the digital signature service
    • Access
      • Users
        • Two-Factor Authentication (2FA)
      • Groups
      • User permissions
    • Alarms and Notifications
      • Alarm definition
      • Configured alarms
        • Configuring an alarm: example 1
        • Configuring an alarm: example 2
      • Notifications panel
    • Extras and tools
      • Programmed tasks
      • Logs manager
      • File management
      • Database management
      • Database management (read-only mode)
      • Web interface configuration variables
      • Configuration variables
      • API system services
      • Server cluster - Parallelization
        • Details of activity in one node
        • Editing or creating a node and its associated services
        • Node deactivation
        • Deleting nodes
        • Processing Cluster customization
      • SAML integration as a SSO (Single Sign On) when login in LIBSAFE
    • License
  • Preservation configuration
    • Ingestion sanitizers
      • Ingestion sanitizers detail
      • Ingestion sanitizer editing
    • Preprocessors
      • Preprocessor details
      • Creation of the preprocessor
      • Preprocessor editing
    • Ingestion checks
      • Ingestion check details
      • Creation of the ingestion check
      • Ingestion check editing
      • Main ingestion checks
    • Metadata filters
      • Metadata filter detail
      • Creation of metadata filter
      • Metadata filter editing
    • Dissemination Information Package (DIP) profiles
      • DIP profile detail
      • Creation of DIP profiles
      • DIP profile edition
    • Connectors
      • Connector Detail
      • Create a new connector
      • Edit a connector
    • File formats
      • File format detail
    • File format characterizers
      • File format characterizer detail
    • File format validators
      • File format validator detail
    • File format evolvers
      • File format evolver detail
  • Frequently Asked Questions (FAQ) and additional notes
Powered by GitBook
On this page

Was this helpful?

  1. System configuration
  2. Access
  3. Users

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is a security procedure where the user, besides the password, must provide a second authentication factor in LIBSAFE. This second factor depends on the type selected for this authentication; in this case, we have the OTP (One-Time Pin) method available.

This authentication method requires that an external tool (e.g., FreeOTP) takes care of generating the one-time pin to access LIBSAFE. Said pin is only valid for 30 seconds, after which time it will not be valid any longer and we will have to create a new one.

To generate said pin, the external tool we use will need a series of general parameters and a secret individual key for each user. The general parameters are the following:

  • Type: time-based (TOTP)

  • Interval : 30 seconds

  • Digits : 6

  • Algorithm : SHA1

The secret key can be generated by LIBSAFE in the user creation / edition, in the Security options section (once “Yes” is selected to activate the Two-Factor Authentication), by clicking on the Generate random key button. It can also be introduced by the systems administrator, as long as the following conditions are met:

  • It must have an exact length of 16 characters

  • It must be a Base32 alphanumeric sequence (it only takes capital letters A-Z and numbers in the 2-7 range).

When it comes to user creation / editing with the two-factor authentication access activated, we must make sure that the user receives the general parameters for the pin generation, with the external tool, as well as the secret key. Otherwise, the user will have no chance to access LIBSAFE.

Important: before activating the two-factor authentication, we must check that we have all the necessary data; we need to consult the systems administrator otherwise. A failure in the configuration could block our access to LIBSAFE. We need the configuration parameters and the secret key to generate the pin from an external tool.

LIBSAFE limits the insertion and editing of certain data from users to systems administrators, to avoid the entry of fake administrative information which could lead to data theft or illegal impersonation. The internal procedures of the company or institution using LIBSAFE will have to take care of the verification of said data and its management by LIBSAFE’s systems administrator.

PreviousUsersNextGroups

Last updated 3 years ago

Was this helpful?