In addition to user id/passwords, Xeams supports two-factor authentication (2FA), also known as multi-factor authentication (MFA), and is available for administrators and non-admin users. Two types of validation are available:
To enable 2FA for the account, click Two-Factor Authentication under the Home menu. See the images below.
Administrators can enforce 2FA/MFA across the board for every user. To do that, click Server Configuration, select the Advanced tab and check Mandatory 2FA.
Xeams will force users to use 2FA if this option is checked.
It is possible for users to lock themselves out if either they lose their mobile device. Therefore, Xeams allow administrators to temporarily disable 2FA for selective users.
Following steps demonstrate how to disable 2FA for a single user.
When connecting from
localhost you can optionally bypass administrators from using 2FA. This is done by adding
the following line in server.properties file.
skip.2fa.from.localhost=trueNote that this option is only applicable when connecting from
2FA settings are not cluster-enabled. This means if you enable 2FA on the master, slaves will not use the same settings. This is done by design to enhance security as well as preventing lockouts.
When using TOTP for 2FA, you may run into a name collision since both master and slaves are called "Xeams". You will get an error in your mobile app when trying to scan the QR code on the slave machine. Use the following steps to avoid this name collision:
xeams_slave1to any other unique value.