Configuring the PEM server to use two-factor authentication v9
PEM supports two methods for 2FA:
- Email authentication
- Authenticator app (such as Google Authenticator)
To enable 2FA, you can copy these settings from the config.py
file to the config_local.py
file and modify the following parameters.
Parameter | Description |
---|---|
MFA_ENABLED | Set to true to enable the two-factor authentication. Default value is false . |
MFA_FORCE_REGISTRATION | Set to true to ask the users to register forcefully for the two-factor authentication methods at login. Default value is false . |
MFA_SUPPORTED_METHODS | Set to email to use the email authentication method (send a one-time code by email) or authenticator to use the TOTP-based application authentication method. |
MFA_EMAIL_SUBJECT | Set to the subject of the email for email authentication. Default value is <APP_NAME> - Verification Code . |
Mail server configuration
To use the email authentication method, you need to configure mail server settings.
PEM server can send an email using either the SMTP configurations saved in the PEM configuration or using Flask-Mail.
To send the email verification code using the internal SMTP configuration from the PEM configuration, set the parameter MAIL_USE_PEM_INTERNAL
to True
. If set to False
, the following mail configuration is used to send the code on the user-specified email address:
- MAIL_SERVER = 'localhost'
- MAIL_PORT = 25
- MAIL_USE_TLS = False
- MAIL_USE_SSL = False
- MAIL_USERNAME = None
- MAIL_PASSWORD = None
- MAIL_DEFAULT_SENDER = None
For more details about these configurations, see the Flask-Mail documentation.
Note
PEM SMTP alerts don't use this configuration.
- On this page
- Mail server configuration