This module enables both <ahref="u2f.html"class="wikilink1"title="documentation:2.0:u2f">U2F</a> and <ahref="totp2f.html"class="wikilink1"title="documentation:2.0:totp2f">TOTP</a> Authentication <em>(like Gitlab)</em>. Therefore, users can use their TOTP instead if they don't have their U2F device.
<liclass="level1"><divclass="li"><strong>Activation</strong>: set it to “on”. Note that you should not enable <ahref="u2f.html"class="wikilink1"title="documentation:2.0:u2f">U2F</a> and <ahref="totp2f.html"class="wikilink1"title="documentation:2.0:totp2f">TOTP</a> separately <em>(except for self-registration: see below)</em></div>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: you can overwrite here auth level for registered users. Leave it blank keeps auth level provided by first authentication module (By default: 2 for user/password based modules). It is recommended to set an higher value here if you want to give access to apps just for enrolled users.</div>
<divclass="notetip">Every other parameters of <ahref="u2f.html"class="wikilink1"title="documentation:2.0:u2f">U2F</a> and <ahref="totp2f.html"class="wikilink1"title="documentation:2.0:totp2f">TOTP</a> can be set in the corresponding 2F modules except that you should not enable them.
</div><divclass="noteimportant">If you want to give a different level for U2F or TOTP, leave this parameter blank and set U2F and TOTP “authentication level” in corresponding modules.
This module has no self-registration. You have to use U2F and TOTP self registration modules. Example: suppose you want to allow U2F registration only if a TOTP secret is registered: