enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in - - PowerPoint PPT Presentation

enteprise enteprise 2fa to your owncloud 2fa to your
SMART_READER_LITE
LIVE PREVIEW

enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in - - PowerPoint PPT Presentation

Oct 13, 2022 618 likes •923 views

Add Add enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes FOSDEM 2019, February 3rd Cornelius Klbel about me about me Cornelius Klbel 2FA since 2005 2014: privacyIDEA

slide-1
SLIDE 1

Add Add

enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud

in 15 minutes in 15 minutes FOSDEM 2019, February 3rd Cornelius Kölbel

slide-2
SLIDE 2

about me about me Cornelius Kölbel 2FA since 2005 2014: privacyIDEA cornelius.koelbel@netknights.it @cornelinux @privacyidea

slide-3
SLIDE 3

Status Status

  • wnCloud 10.

Connected to Active Directory. User authenticates with password.

slide-4
SLIDE 4
  • wnCloud

(10.0.2.16) Active Directory (10.0.2.231) ssh / 1622 https / 16443 virtualbox

slide-5
SLIDE 5

source: https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million- passwords/

slide-6
SLIDE 6

TOTP in ownCloud TOTP in ownCloud Pro: User is in control. Cons: It is TOTP. Cons: User is in control! Cons: biiiiig keychanin.

slide-7
SLIDE 7
slide-8
SLIDE 8

Requirements for enterprise 2FA Requirements for enterprise 2FA Users need to comply to policies. Choose token type that is best for your

  • rganization.

Central management Managed by admins or helpdesk. Can be used for lots of applications.

slide-9
SLIDE 9

What privacyIDEA can do for you What privacyIDEA can do for you Central Mgmt with admins and service desk. Use existing userstore (LDAP, SQL, Flatfile, SCIM) Many token types. Policies and events. Connect your ownCloud, SSH, Desktop, VPN, Web- Application...

slide-10
SLIDE 10

example 2FA setup - enterprise grade example 2FA setup - enterprise grade privacyIDEA reads users from AD. ...and assigns tokens to users. Authentication at

  • wnCloud UI:
  • 1. ownCloud (Active

Directory)

  • 2. privacyIDEA
slide-11
SLIDE 11
  • wnCloud

(10.0.2.16) Active Directory (10.0.2.231) ssh / 1622 https / 16443 virtualbox privacyIDEA (10.0.2.20) ssh / 2022 https / 20443 LDAP LDAP REST- API App

slide-12
SLIDE 12

Installation privacyIDEA on Ubuntu 16.04LTS Installation privacyIDEA on Ubuntu 16.04LTS Start at 9:09am by adding the launchpad repository.

slide-13
SLIDE 13

Read new repo data Read new repo data At 9:10 we update the repository data...

slide-14
SLIDE 14
slide-15
SLIDE 15

System update System update ...and update the system.

slide-16
SLIDE 16
slide-17
SLIDE 17

Install meta pacakge Install meta pacakge At 9:10 we choose to install a meta package...

slide-18
SLIDE 18
slide-19
SLIDE 19

Install meta package Install meta package Wow! All batteries included!

slide-20
SLIDE 20
slide-21
SLIDE 21

Meta package ships its own database Meta package ships its own database During installation at 9:11 we set the MySQL root password.

slide-22
SLIDE 22
slide-23
SLIDE 23

Initial administrator Initial administrator 9:13:34: No standard passwords involved!

slide-24
SLIDE 24
slide-25
SLIDE 25

Install privacyIDEA ownCloud App Install privacyIDEA ownCloud App in under a minute.

0:00 / 0:49

slide-26
SLIDE 26

Hands On! Hands On! Connect privacyIDEA to Active Directory. Enroll Tokens to users. Smartphone App. OTP Card. Yubikey. Configure privacyIDEA ownCloud App. Authenticate. Administratively block user. Provide lost token.

slide-27
SLIDE 27

Next steps... Next steps... Processes... Helpdesk groups... Policies for users and admins... Workflows... Connect more applications...

slide-28
SLIDE 28

Thanks a lot! Thanks a lot!

Star, Clone, Rull Requests: Star, Clone, Rull Requests: https://github.com/privacyidea https://github.com/privacyidea Questions: https://community.privacyidea.org Questions: https://community.privacyidea.org @privacyidea @privacyidea