2FA Updates #7389
2FA Updates #7389
Conversation
Applied corrections from review; made misc edits for consistency.
fixed trailing space
|
running tests |
There was a problem hiding this comment.
@ccondra, are these changes applicable to 2.3.x or 2.4.0 only? If 2.4.0 only, you need to break the symlink, copy the 2.3 file to 2.4, and then make these updates. There's a handy rake command that will remove the symlink and create a copy of the 2.3 file in 2.4 for you:
rake symlink:replace_at path=src/guides/v2.3/security/two-factor-authentication.md
| [9]: https://docs.magento.com/m2/ee/user_guide/stores/security-two-factor-authentication-use.html#u2f-key | ||
| [10]: https://www.yubico.com/ | ||
| [11]: https://duo.com/ | ||
| [12]: https://github.com/magento/magento2-functional-testing-framework/blob/develop/docs/configure-2fa.md |
There was a problem hiding this comment.
It would be nice if the MFTF team merged this with master so that we could link to it on the devdocs site. We currently publish docs from that repo under: https://devdocs.magento.com/mftf/docs/introduction.html. I guess this will do for beta.
|
|
||
| 1. Select Google Authenticator as the 2FA provider: | ||
|
|
||
| ```bash |
There was a problem hiding this comment.
Code block needs to be indented (3 spaces I think) under the preceding list.
|
|
||
| 1. Increase the lifetime of the window to 60 seconds to prevent tokens from expiring. | ||
|
|
||
| ```bash |
There was a problem hiding this comment.
Code block needs to be indented (3 spaces I think) under the preceding list.
| bin/magento config:set twofactorauth/google/otp_window 60 | ||
| ``` | ||
|
|
||
| 1. Generate a Base32-encoded string for the shared secret value. For example, encoding the string `abcd` with the online [Base32 Encode][13] tool returns the value `MFRGGZDF`. Use the following key to add the encoded value to the MFTF `.credentials` file: |
There was a problem hiding this comment.
| 1. Generate a Base32-encoded string for the shared secret value. For example, encoding the string `abcd` with the online [Base32 Encode][13] tool returns the value `MFRGGZDF`. Use the following key to add the encoded value to the MFTF `.credentials` file: | |
| 1. Generate a Base32-encoded string for the shared secret value. For example, encoding the string `abcd` with the online [Base32 Encode][13] tool returns the value `MFRGGZDF`. Use the following key to add the encoded value to the MFTF `.credentials` file: |
|
|
||
| 1. Generate a Base32-encoded string for the shared secret value. For example, encoding the string `abcd` with the online [Base32 Encode][13] tool returns the value `MFRGGZDF`. Use the following key to add the encoded value to the MFTF `.credentials` file: | ||
|
|
||
| ```bash |
There was a problem hiding this comment.
Code block needs to be indented (3 spaces I think) under the preceding list.
| magento/tfa/OTP_SHARED_SECRET=MFRGGZDF | ||
| ``` | ||
|
|
||
| 1. Use CLI to add the encoded shared secret to Google Authenticator. |
There was a problem hiding this comment.
| 1. Use CLI to add the encoded shared secret to Google Authenticator. | |
| 1. Add the encoded shared secret to Google Authenticator. |
|
|
||
| 1. Use CLI to add the encoded shared secret to Google Authenticator. | ||
|
|
||
| ```bash |
There was a problem hiding this comment.
Code block needs to be indented (3 spaces I think) under the preceding list.
Co-authored-by: Jeff Matthews <[email protected]>
Co-authored-by: Jeff Matthews <[email protected]>
Fixed indentation of code examples.
… into 2FA-Review-Updates
|
Closing this because we need to revert changes to the 2.3 file, break the symlink, and apply changes to the 2.4 file (#7392). |
|
Hi @ccondra, thank you for your contribution! |
Applied corrections from review; made misc edits for consistency.
Purpose of this pull request
This pull request (PR) updates the existing topic with the following changes in the 2.4 release: including:
2FA is always enabled
"Trust this device" removed
Web API support
MFTF configuration for testing with 2FA
Added a Web API diagram, and made misc. updates for consistency.
Affected DevDocs pages
Two-Factor Authentication
Staging: #1922