Agent::AuthTwoFactor::Module###AuthenticatorApp
Defines the two-factor module to authenticate agents via authenticator app (TOTP mechanism). Use ‘Prio’ key to influence the priority of this mechanism in respect to others. ‘SecretPreferencesKey’ contains the key of the user preference where the shared secret key is stored. ‘AllowPreviousToken’ defines if the previously valid token should be accepted for authentication, which is slightly less secure but gives users 30 seconds more time to enter their one-time password. ‘GracePeriod’ is the time period in seconds that the token will be considered valid, before changing it make sure the user app supports this value.
Default value:
---
AllowPreviousToken: '1'
GracePeriod: '30'
Icon: regular,mobile-qr-code
Label: Authenticator App
Module: Kernel::System::TwoFactor::AuthenticatorApp
Prio: '1000'
SecretPreferencesKey: UserGoogleAuthenticatorSecretKey
Agent::AuthTwoFactor::Module###Email
Defines the two-factor module to authenticate agents via email (HOTP mechanism). Use ‘Prio’ key to influence the priority of this mechanism in respect to others. ‘SecretPreferencesKey’ contains the key of the user preference where the shared secret key is stored. ‘CounterPreferencesKey’ contains the key of the user preference where the current counter value is stored. ‘LookAheadWindowSize’ defines number of retry attempts that will be used if the token is invalid, by increasing the counter value for specified window size (counter re-sync).
Default value:
---
CounterPreferencesKey: UserEmailHOTPCounterConfig
EmailSecurityPreferencesKey: UserEmailHOTPSecurityConfig
Icon: regular,phone-action-email
Label: Email
LookAheadWindowSize: '5'
Module: Kernel::System::TwoFactor::Email
Prio: '3000'
SecretPreferencesKey: UserEmailHOTPSecretKey
Agent::AuthTwoFactor::Module###SMS
Defines the two-factor module to authenticate agents via SMS (HOTP mechanism). Use ‘Prio’ key to influence the priority of this mechanism in respect to others. ‘SecretPreferencesKey’ contains the key of the user preference where the shared secret key is stored. ‘CounterPreferencesKey’ contains the key of the user preference where the current counter value is stored. ‘LookAheadWindowSize’ defines number of retry attempts that will be used if the token is invalid, by increasing the counter value for specified window size (counter re-sync).
This setting is not active by default.
Default value:
---
CounterPreferencesKey: UserSMSHOTPCounterConfig
EmailSecurityPreferencesKey: UserSMSHOTPSecurityConfig
Icon: regular,phone-type
Label: SMS
LookAheadWindowSize: '5'
Module: Kernel::System::TwoFactor::SMS
Prio: '2000'
SecretPreferencesKey: UserSMSHOTPSecretKey
Agent::AuthTwoFactor::RequiredSetup
Defines if agents are required to setup at least one two-factor authentication method.
This setting can not be deactivated.
Default value:
1
Agent::AuthTwoFactor::RequiredSetupException###001-Framework
Defines list of agent logins (UserLogin) that will be excepted from requiring to setup at least one two-factor authentication method.
This setting can not be deactivated.
Default value:
--- []
Customer::AuthTwoFactor::Module###AuthenticatorApp
Defines the two-factor module to authenticate customer users via authenticator app (TOTP mechanism). Use ‘Prio’ key to influence the priority of this mechanism in respect to others. ‘SecretPreferencesKey’ contains the key of the user preference where the shared secret key is stored. ‘AllowPreviousToken’ defines if the previously valid token should be accepted for authentication, which is slightly less secure but gives users 30 seconds more time to enter their one-time password. ‘GracePeriod’ is the time period in seconds that the token will be considered valid, before changing it make sure the user app supports this value.
Default value:
---
AllowPreviousToken: '1'
GracePeriod: '30'
Icon: regular,mobile-qr-code
Label: Authenticator App
Module: Kernel::System::TwoFactor::AuthenticatorApp
Prio: '1000'
SecretPreferencesKey: UserGoogleAuthenticatorSecretKey
Customer::AuthTwoFactor::Module###Email
Defines the two-factor module to authenticate customer users via email (HOTP mechanism). Use ‘Prio’ key to influence the priority of this mechanism in respect to others. ‘SecretPreferencesKey’ contains the key of the user preference where the shared secret key is stored. ‘CounterPreferencesKey’ contains the key of the user preference where the current counter value is stored. ‘LookAheadWindowSize’ defines number of retry attempts that will be used if the token is invalid, by increasing the counter value for specified window size (counter re-sync).
Default value:
---
CounterPreferencesKey: UserEmailHOTPCounterConfig
EmailSecurityPreferencesKey: UserEmailHOTPSecurityConfig
Icon: regular,phone-action-email
Label: Email
LookAheadWindowSize: '5'
Module: Kernel::System::TwoFactor::Email
Prio: '3000'
SecretPreferencesKey: UserEmailHOTPSecretKey
Customer::AuthTwoFactor::Module###SMS
Defines the two-factor module to authenticate customer users via SMS (HOTP mechanism). Use ‘Prio’ key to influence the priority of this mechanism in respect to others. ‘SecretPreferencesKey’ contains the key of the user preference where the shared secret key is stored. ‘CounterPreferencesKey’ contains the key of the user preference where the current counter value is stored. ‘LookAheadWindowSize’ defines number of retry attempts that will be used if the token is invalid, by increasing the counter value for specified window size (counter re-sync).
This setting is not active by default.
Default value:
---
CounterPreferencesKey: UserSMSHOTPCounterConfig
EmailSecurityPreferencesKey: UserSMSHOTPSecurityConfig
Icon: regular,phone-type
Label: SMS
LookAheadWindowSize: '5'
Module: Kernel::System::TwoFactor::SMS
Prio: '2000'
SecretPreferencesKey: UserSMSHOTPSecretKey
Customer::AuthTwoFactor::RequiredSetup
Defines if customer users are required to setup at least one two-factor authentication method.
This setting can not be deactivated.
Default value:
1
Customer::AuthTwoFactor::RequiredSetupException###001-Framework
Defines list of customer user logins (UserLogin) that will be excepted from requiring to setup at least one two-factor authentication method.
This setting can not be deactivated.
Default value:
--- []
AuthTwoFactor::BrowserTrust::Enabled
Defines if trusted browser feature is enabled. If turned on, users will be able to skip two-factor authentication in saved browsers.
This setting can not be deactivated.
Default value:
1
AuthTwoFactor::BrowserTrust::ExpirationPeriod
Defines expiration period in days for trusted browsers. After this time period, trusted browsers will be cleaned up automatically. In order to trust browsers indefinitely, please disable this setting.
Default value:
30
WebApp::API::Agent::TwoFactor::EmailBody
Defines the body text of the two-factor mails sent to agents, with a one-time token for completing the authentication challenge.
This setting can not be deactivated.
Default value:
Hi <OTRS_USERFIRSTNAME>,
You or someone impersonating you has tried to log in into OTRS using your password.
In order to complete the authentication challenge, please use the following one-time code:
<OTRS_OTPTOKEN>
Otherwise, click on the one-time login link below within the next 3 minutes:
<OTRS_CONFIG_HttpType>://<OTRS_CONFIG_FQDN>/agent/one-time-login?tokenBase64=<OTRS_AUTHTOKEN>
If you did not request a login, please report this incident to your administrator, and change your password immediately.
WebApp::API::Agent::TwoFactor::EmailSubject
Defines the subject text of the two-factor mails sent to agents, with a one-time token for completing the authentication challenge.
This setting can not be deactivated.
Default value:
New OTRS login request
WebApp::API::Agent::TwoFactor::SMSBody
Defines the text of the two-factor SMS sent to agents, with a one-time token for completing the authentication challenge.
This setting can not be deactivated.
Default value:
Your OTRS login code is: <OTRS_OTPTOKEN>
WebApp::API::Agent::TwoFactorSetup::EmailBody
Defines the body text of the two-factor setup mails sent to agents, with a one-time token for completing the authentication setup.
This setting can not be deactivated.
Default value:
Hi <OTRS_USERFIRSTNAME>,
You or someone impersonating you requested the two-factor setup for your OTRS account.
In order to complete the authentication setup, please use the following one-time code:
<OTRS_OTPTOKEN>
WebApp::API::Agent::TwoFactorSetup::EmailSubject
Defines the subject text of the two-factor setup mails sent to agents, with a one-time token for completing the authentication setup.
This setting can not be deactivated.
Default value:
New OTRS two-factor setup request
WebApp::API::Agent::TwoFactorSetup::SMSBody
Defines the text of the two-factor SMS sent to agents, with a one-time token for completing the authentication setup.
This setting can not be deactivated.
Default value:
Your OTRS two-factor setup code is: <OTRS_OTPTOKEN>
WebApp::API::Customer::TwoFactor::EmailBody
Defines the body text of the two-factor mails sent to customers, with a one-time token for completing the authentication challenge.
This setting can not be deactivated.
Default value:
Hi <OTRS_USERFIRSTNAME>,
You or someone impersonating you has tried to log in into OTRS using your password.
In order to complete the authentication challenge, please use the following one-time code:
<OTRS_OTPTOKEN>
Otherwise, click on the one-time login link below within the next 3 minutes:
<OTRS_CONFIG_HttpType>://<OTRS_CONFIG_FQDN>/external/one-time-login?tokenBase64=<OTRS_AUTHTOKEN>
If you did not request a login, please report this incident to your administrator, and change your password immediately.
WebApp::API::Customer::TwoFactor::EmailSubject
Defines the subject text of the two-factor mails sent to customers, with a one-time token for completing the authentication challenge.
This setting can not be deactivated.
Default value:
New OTRS login request
WebApp::API::Customer::TwoFactor::SMSBody
Defines the text of the two-factor SMS sent to customers, with a one-time token for completing the authentication challenge.
This setting can not be deactivated.
Default value:
Your OTRS login code is: <OTRS_OTPTOKEN>
WebApp::API::Customer::TwoFactorSetup::EmailBody
Defines the body text of the two-factor setup mails sent to customers, with a one-time token for completing the authentication setup.
This setting can not be deactivated.
Default value:
Hi <OTRS_USERFIRSTNAME>,
You or someone impersonating you requested the two-factor setup for your OTRS account.
In order to complete the authentication setup, please use the following one-time code:
<OTRS_OTPTOKEN>
WebApp::API::Customer::TwoFactorSetup::EmailSubject
Defines the subject text of the two-factor setup mails sent to customers, with a one-time token for completing the authentication setup.
This setting can not be deactivated.
Default value:
New OTRS two-factor setup request
WebApp::API::Customer::TwoFactorSetup::SMSBody
Defines the text of the two-factor setup SMS sent to customers, with a one-time token for completing the authentication setup.
This setting can not be deactivated.
Default value:
Your OTRS two-factor setup code is: <OTRS_OTPTOKEN>