Session: How to 2FA-enable Open Source Applications

Everyone knows passwords are terrrible for security. But rolling out two-factor authetication (2FA) is tricky. Not only do you need to update applications to use 2FA, but you need to consider what happens if an end-user loses their credential. If you love open source tools like WordPress, SuiteCRM, NextCloud, RocketChat, and OnlyOffice, a 2FA solution is now within your grasp. And you are not limited to just OTP or SMS. You can integrate support for FIDO tokens, mobile push notifiations, or even popular SaaS services, like Duo Security. In this workshop, you’ll learn:

  • Which 2FA technologies can be used without paying a license;
  • How to enable users to enroll and delete 2FA credentials;
  • How configure open source applications to act as a federated relying party–delegating authentication to a central service
  • How custom applications can act as a federated relying party