Skip to content

[DOC] SQSERVICES-1500 Document 2nd Factor Password Challenge Team Feature #2329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
battermann merged 5 commits into from
Apr 28, 2022
Merged

[DOC] SQSERVICES-1500 Document 2nd Factor Password Challenge Team Feature #2329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
45447aa
2nd factor password challenge docs
battermann Apr 28, 2022
8e20786
changelog
battermann Apr 28, 2022
4fbc214
additional explanation of lock status
battermann Apr 28, 2022
18d5649
updated docs
battermann Apr 28, 2022
60b5868
hi ci
battermann Apr 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/4-docs/pr-2329
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Documentation for the 2nd factor password challenge feature
1 change: 1 addition & 0 deletions docs/src/how-to/install/index.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ Installing wire-server
(production) How to monitor wire-server <monitoring.rst>
(production) How to see centralized logs for wire-server <logging.rst>
(production) Other configuration options <configuration-options.rst>
Feature settings <team-feature-settings.md>
sft
restund
configure-federation
Expand Down
30 changes: 30 additions & 0 deletions docs/src/how-to/install/team-feature-settings.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Feature settings

Features can be enabled or disabled on a team level or server wide. Here we will only cover the server wide configuration.

When a feature's lock status is `unlocked` it means that its settings can be overridden on a team level by team admins. This can be done via the team management app or via the team feature API and is not covered here.

## 2nd factor password challenge

By default Wire enforces a 2nd factor authentication for certain user operations like e.g. activating an account, changing email or password, or deleting an account.

If the `sndFactorPasswordChallenge` feature is enabled, a 6 digit verification code will be send per email to authenticate for additional user operations like e.g. for login, adding a new client, generating SCIM tokens, or deleting a team.

Usually the default is what you want. If you explicitly want to enable additional password challenges, add the following to your Helm overrides in `values/wire-server/values.yaml`:

```yaml
galley:
# ...
config:
# ...
settings:
# ...
featureFlags:
# ...
sndFactorPasswordChallenge:
defaults:
status: enabled
lockStatus: locked
```

Note that the lock status is required but has no effect, as it is currently not supported for team admins to enable or disable `sndFactorPasswordChallenge`. We recommend to set the lock status to `locked`.