<h1class="sectionedit1"id="e-mail_as_second_factor">E-Mail as Second Factor</h1>
<divclass="level1">
<p>
This plugin adds the user's e-mail account as a second authentication factor.
</p>
<p>
After logging in through another authentication module, a one-time code will be generated by the portal and sent to the user's e-mail address. The user will be prompted for this code in order to finish the login process.
</p>
<divclass="noteimportant">This plugin will only improve security in situations where the user's email is not protected by the same password used to login on LemonLDAP::NG.
And of course, if the user's email account is also protected by LemonLDAP::NG, they will not be able to open their mailbox to find out their one-time code.
</div>
</div>
<!-- EDIT1 SECTION "E-Mail as Second Factor" [1-668] -->
Before configuring this module, make sure the user's email address is correctly fetched from your UserDB plugin and appears in the session browser. If you want to store the user e-mail in a different session field than <code>mail</code>, go to “General Parameters » Advanced parameters » SMTP” and set the “Session key containing mail address” parameter.
</p>
<p>
All parameters are configured in “General Parameters » Second factors » Mail second factor”.
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Activation</strong>: Set to <code>On</code> to activate this module. If a user does not have an email address, they will encounter an error on login. If you want to use this plugin only for users who have an email address, use <code>$mail</code> (or whatever your e-mail session key is) as the activation rule.</div>
</li>
<liclass="level1"><divclass="li"><strong>Code regex</strong>: The regular expression used to generate one-time codes. The default is a 6-digit code.</div>
</li>
<liclass="level1"><divclass="li"><strong>Code timeout</strong>: It might take a while for users to open their e-mail account and find the code. Raise this timeout if the default (2 minutes) isn't enough.</div>
</li>
<liclass="level1"><divclass="li"><strong>Mail subject</strong>: The subject of the email the user will receive. If you leave it blank, it will be looked up in translation files.</div>
</li>
<liclass="level1"><divclass="li"><strong>Mail body</strong>: The plain text content of the email the user will receive. If you leave it blank, the <code>mail_2fcode</code><abbrtitle="HyperText Markup Language">HTML</abbr> template will be used. The one-time code is stored in the <code>$code</code> variable</div>
</li>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<liclass="level1"><divclass="li"><strong>Logo</strong> (Optional): logo file <em>(in static/<skin> directory)</em></div>