Changes between Version 1 and Version 2 of net.sf.basedb.otp/using

Timestamp:

Jun 19, 2018, 9:42:49 AM (6 years ago)

Author:

Nicklas Nordborg

Comment:

Update and clarified user instructions

net.sf.basedb.otp/using

@@ -3 +3 @@
 == Configuring OTP login for a user ==
 
-Note that this is something that each user need to do themselves. This can't be done by the server administrator. A smartphone or similar device that has the capability to read a barcode is needed. The device must also be able to run some an app for generating one-time passwords. For example, the [https://freeotp.github.io/ FreeOTP] app is available for both Anroid and iOS.
+'''Note that the OTP setup must be done by the end user. This can't be done by the server administrator.''' 
+
+A smartphone or similar device that has the capability to read a QR code is needed. The device must also be able to run some an app for generating one-time passwords. For example, the [https://freeotp.github.io/ FreeOTP] app is available for both Anroid and iOS, but
+any app that is compatible with the [https://en.wikipedia.org/wiki/Google_Authenticator Google authenticator] implementation should work.
 
  1. Go the login page of the BASE installation.
  2. Click on the link for setting up OTP. A popup dialog window should be opened.
- 3. Fill in your username in the '''Login''' field and your password in the '''Password''' field.
- 4. A QR code should automatically be generated. Use the OTP app on your device to scan the QR code. It should
-    automatically configure a record with the settings that are needed.
- 5. You also have the possibility to change your password, but this is an optional step.
+ 3. Fill in the username in the '''Login''' field and the password in the '''Password''' field.
+ 4. A QR code should automatically be generated. Use the OTP app on the device to scan the QR code. It should
+    automatically configure an entry with the settings that are needed.
+ 5. In the setup dialog, there is also a possibility to change the password. This is optional.
  6. Let the OTP app generate a one-time passcode. Enter it in the '''One-time passcode''' field.
- 7. Click on '''Save'''. 
- 8. If something goes wrong and you have to start over you should delete the entry in your OTP app before restarting the setup.
+ 7. Click on '''Save'''.
+
+'''Notes'''
+ 
+ * If something goes wrong and you have to start over you should delete the entry in your OTP app before restarting the setup.
+ * Once the OTP setup has been completed it can't be removed except by a server administrator.
 
 == Logging in ==
 
-Once a user has configured OTP (see below), that user must always login with OTP. 
+Once a user has configured OTP, that user must always login with OTP. 
 
  1. Type in the regular username in the '''Login''' field.
@@ -24 +31 @@
  4. Note the regular password is not needed.
 
+'''Notes'''
+
+ * The server admin may decide if OTP should be optional or required. If it is optional the 
+   '''One-time passcode''' field is named '''OTP or password''' instead.
+
 == Remove OTP from a user account ==
 
 This can only be done by a server administrator. 
 
- 1. Go to the ''Administrate->Users''' list, locate the user and and open the edit dialog.
+ 1. Go to the '''Administrate->Users''' list, locate the user and and open the edit dialog.
  2. Switch to the '''Additional info''' tab, and clear the '''OTP Key''' field.
  3. Save.
 
+== Force OTP to be used ==
+
+This can be done for all users by editing the `base-otp.properties` file and setting the
+`require-otp` setting. See the [wiki:install installation instructions] for more information.
+
+This can also be done per user account:
+
+ 1. Go to the '''Administrate->Users''' list, locate the user and and open the edit dialog.
+ 2. Switch to the '''Additional info''' tab, and enabled the '''OTP is required''' option.
+ 3. Save.