2-factor authentication is defined here.
Two-factor authentication supports the following modes:
Before the connection is established, an email containing an OTP (one-time password) is sent to the user.
This must be entered before the connection is established.
This feature requires the configuration of a mail server in the “Settings” -> “Notification” menu.
If the email address is to be retrieved from a directory, a field for email must be specified in the directory configuration under “Settings” -> “Directory”.
Google Authenticator
The GA app is required on a smartphone for GA. This can be installed free of charge from the relevant stores.
The GA app must scan a QR code once to create an account.
This code is displayed to the user once during user registration.
The GA app then generates a code that must be entered before the connection is established.
The QR code can be displayed once again for all users or for a specific user under “Settings” -> “Google Authenticator”.
Radius
In this case, a code is generated via a radius server. This must then be entered before the connection is established.
SMS
Before logging in, the user receives an SMS with a code to a specified number.
This must be entered before the connection is established.
To send the SMS, a corresponding service must be configured under “Settings” -> “SMS”.
Depending on the profile settings, the phone number must be determinable either via a directory or via a local user.