Skip to content

ArkID

MultiOTPSecond factor certification

官方IDaaS

longguikeji/arkid

ArkID

longguikeji/arkid

Home
Start Quickly
Start Quickly
- Privatization
  Privatization
- Version Upgrade
  Version Upgrade
User Guide
User Guide
- Novice Tutorial
  Novice Tutorial
- User Manual
  User Manual
  - Register and log in
  - General User
    General User
    
    Approval request
    
    Authorization
    
    Certification management
    
    desktop
    
    My news
    
    Personal management
    
    Switch to tenants
  - Tenant Administrator
    Tenant Administrator
    
    Application management
    
    Approval management
    
    authority management
    
    Certification management
    
    Extension
    
    graph analysis
    
    Identity data source
    
    Log management
    
    Plug -in management
    
    Tenant management
    
    User Management
  - Platform Administrator
    Platform Administrator
    
    app Store-Private application
    
    Language Package Management
    
    Menu management
    
    Platform configuration
    
    Platform plug -in management
    
    Tenant list
Business Cooperation Guide
Business Cooperation Guide
- ArkIDAgent
- Income calculator
- ArkIDOperator
- TechnicalConsultationAndSupport
- Arkid Developer
  Arkid Developer
  - Application access
  - Plug -in
Developer Guide
Developer Guide
- Configuration Development Environment
  Configuration Development Environment
- Application Access
  Application Access
- Plug In Development
  Plug In Development
  - Develop the first plug -in
  - Plug In Guide
    Plug In Guide
    
    API
    
    Configuration
    
    database
    
    Documentation
    
    event
    
    front end
    
    mistake
    
    multi-language
    
    Piprely
    
    Plug -in base class
  - Plug In Classification
    Plug In Classification
    
    AccountLifeCycle
    
    ApplicationProtocol
    
    ApprovalSystem
    
    Authentication
    
    AuthorizationRules
    
    AutomaticAuthentication
    
    Cache
    
    CertificationRules
    
    DataAnalysisSystem
    
    data synchronization
    
    MessageMiddleware
    
    Multi LanguagePackage
    
    Overview
    
    Page theme
    
    ShortMessage
    
    StaticStorage
    
    WorthMentioning
  - Test And Release
    Test And Release
    
    Release
    
    Test
- Reference Documentation
  Reference Documentation
About Us
About Us
Other Plug In
Other Plug In
- Com longgui account active
  Com longgui account active
- Com longgui app protocol cas server
  Com longgui app protocol cas server
- Com longgui app protocol ldapserver
  Com longgui app protocol ldapserver
- Com longgui app protocol multiaccount
  Com longgui app protocol multiaccount
- Com longgui app protocol radius client
  Com longgui app protocol radius client
- Com longgui app protocol radius server
  Com longgui app protocol radius server
  - FreeRadius+RestImplement route authentication
- Com longgui app protocol saml2
  Com longgui app protocol saml2
- Com longgui auth factor email
  Com longgui auth factor email
- Com longgui auth factor ldap
  Com longgui auth factor ldap
- Com longgui auth factor otp
  Com longgui auth factor otp
- Com longgui auth factor saml2
  Com longgui auth factor saml2
- Com longgui auth factor scan
  Com longgui auth factor scan
- Com longgui auth factor webauthn
  Com longgui auth factor webauthn
- Com longgui auth rule black list
  Com longgui auth rule black list
- Com longgui auth rule white list
  Com longgui auth rule white list
- Com longgui auto auth kerberos
  Com longgui auto auth kerberos
- Com longgui cache redis
  Com longgui cache redis
- Com longgui custom field
  Com longgui custom field
- Com longgui export user
  Com longgui export user
- Com longgui external idp dingding
  Com longgui external idp dingding
- Com longgui external idp feishu
  Com longgui external idp feishu
- Com longgui external idp gitee
  Com longgui external idp gitee
- Com longgui external idp miniprogram
  Com longgui external idp miniprogram
- Com longgui external idp wechatscan
  Com longgui external idp wechatscan
- Com longgui external idp wechatwork
  Com longgui external idp wechatwork
- Com longgui external idp wechatworkscan
  Com longgui external idp wechatworkscan
- Com longgui language en
  Com longgui language en
- Com longgui message artemis
  Com longgui message artemis
- Com longgui multiotp
  Com longgui multiotp
- Com longgui other app subscribe
  Com longgui other app subscribe
- Com longgui register notice
  Com longgui register notice
- Com longgui scim sync ad
  Com longgui scim sync ad
- Com longgui scim sync database
  Com longgui scim sync database
- Com longgui scim sync dingding
  Com longgui scim sync dingding
- Com longgui scim sync feishu
  Com longgui scim sync feishu
- Com longgui scim sync mssql
  Com longgui scim sync mssql
- Com longgui scim sync wechatwork
  Com longgui scim sync wechatwork
- Com longgui system doc
  Com longgui system doc
System Plug In
System Plug In
- Com longgui account life arkid
  Com longgui account life arkid
- Com longgui app protocol oidc
  Com longgui app protocol oidc
  - Code example
  - OAuth2
  - OIDC
- Com longgui app proxy nginx
  Com longgui app proxy nginx
- Com longgui approve system arkid
  Com longgui approve system arkid
- Com longgui auth factor authcode
  Com longgui auth factor authcode
- Com longgui auth factor mobile
  Com longgui auth factor mobile
- Com longgui auth factor password
  Com longgui auth factor password
- Com longgui auth rule retry times
  Com longgui auth rule retry times
- Com longgui auto form fill
  Com longgui auto form fill
- Com longgui case
  Com longgui case
  - Docs
    Docs
    
    English
    
    English
- Com longgui external idp github
  Com longgui external idp github
- Com longgui impower rule
  Com longgui impower rule
  - DefaultImpowerRule
- Com longgui language zh
  Com longgui language zh
- Com longgui menu
  Com longgui menu
- Com longgui scim sync arkid
  Com longgui scim sync arkid
- Com longgui sms aliyun
  Com longgui sms aliyun
- Com longgui storage local
  Com longgui storage local

MultiOTPSecond factor certification#

Features#

By deploying Multiotp on the server side Server，User Windows System Install MultiotPCREDENTIALPROVIDER, Implement the user's local login or log in to Windows through remote desktop，
In addition to providing user passwords (local account passwords or AD account passwords in the domain environment)，Still need to provide OTP dynamic password，In order to log in to Windows。

Configuration guide#

Install Multiotp Server#

Download Multotp installation packageInstall WebService serviceConfirm that the service has been installed

Download link：https://download.multiotp.net/

In Windows SEVER decompression compression，The administrator executes the webservice in the Windows directory_Install script

Use Chrome to open the Multiotp address：http://localhost:8112/

Windows ServerUsers who need to be synchronized on the upper configuration#

Create safety groupSafety group adds synchronization users

Synchronize AD user to Multiotp#

Configure the MultiOTP server and client certification passwordConfigure Multiotp synchronization parameters and synchronizeCheck the user that has been synchronizedClick the print buttonBinding mobile phone authentication softwareMobile phone authentication software display dynamic code

Open Powershell terminal, Enter the Windows directory under the MultiotP decompression directory to execute the following command

.\multiotp -config server-secret=secret2OTP

Open Powershell terminal, Enter the Windows directory under the MultiotP decompression directory to execute the following command，Pay attention to changing the address of AD，port，Usernames and password parameters

.\multiotp -config default-request-prefix-pin=0
.\multiotp -config default-request-ldap-pwd=0
.\multiotp -config ldap-server-type=1
.\multiotp -config ldap-cn-identifier="sAMAccountName"
.\multiotp -config ldap-group-cn-identifier="sAMAccountName"
.\multiotp -config ldap-group-attribute="memberOf"
.\multiotp -config ldap-ssl=0
.\multiotp -config ldap-port=389
.\multiotp -config ldap-domain-controllers=DC.dragon.com
.\multiotp -config ldap-base-dn="DC=dragon,DC=com"
.\multiotp -config ldap-bind-dn="CN=Administrator,CN=Users,DC=dragon,DC=com"
.\multiotp -config ldap-server-password="2wsx@WSX"
.\multiotp -config ldap-in-group="2FAVPNUsers"
.\multiotp -config ldap-network-timeout=10
.\multiotp -config ldap-time-limit=30
.\multiotp -config ldap-activated=1
.\multiotp -debug -display-log -ldap-users-sync

Use Microsoft Authenticator Or Google Authenticator scan QR code

Dynamic code is updated every 30 seconds

User computer installation MultiotPCREDENTIALPRovider#

Open the download pageClick to download the linkDecompress installationSet Multiotp Server URL and passwordClick NextConfigure local login and remote login whether a dynamic code requiresClick to install

Open https://download.multiotp.net/, Click Credential-provider link

Fill in the URL and Secret of Multiotp，Secret and Multiotp configured above The server password remains the same

Fill in the URL and Secret of Multiotp，Secret and Multiotp configured above The server password remains the same

Restart the computer，Verify OTP dynamic code#

Enter the user passwordEnter the mobile phone dynamic code

评论