Two factor authentication (2FA) is available in the coming release of R2019c. The user is authenticated by username and password first, a code of 6 digits is sent to the email address of the user account, the code must be entered to log into Calem. 2FA is not enabled out of the box. Admin of Calem can enable 2FA at system level or user level. 2FA is available for Calem web clients.
After the username and password are authenticated, an additional code sent to the user's email on file is required to complete the login.
1. Configure 2FA by User
2FA can be enabled by user. Every time the user logs in with a username and password, a code is sent to the user email on file in Calem. The user must use the code to complete the login.
- Menu path: Org module | ACL Profiles | User List
- If 2FA is enabled at user level, the 2FA is required for the user to login.
- If 2FA is not enabled at a user level, the system configuration is used.
2. Configure 2FA at System Level
The system level configuration can be:
- 0 – 2FA is turned off. Individual users can turn on 2FA.
- 1 – 2FA is turned on for new browsers. If a new browser is used 2FA is required to login. Next time login with the same browser will not require 2FA. This is applicable to 2FA by email only.
- 2 – 2FA is turned on all the time. Users log into Calem with username, password, and a code to log into Calem.
- The configuration line can be added to Calem_Home/server/conf/calem.custom.php.
$_CALEM_dist['admin_conf']['mfa_on']=0;
- The 2FA email may be placed into your spam folder so check your spam folder when looking for the Calem email with authentication code.
For on-premise deployment of Calem the 2FA may be turned off if 2FA is provided through another mechanism. For instance, a VPN is required to access Calem deployed on-premise. The VPN has 2FA enabled.
Additional resources