documentation:2.0:utotp2f

This modules enables simultaneously U2F and TOTP (like Gitlab). Users can so use their TOTP instead if they don't have their U2F device.

The difference with enabling both U2F and TOTP is that there is only one page displayed instead of displaying first a choice menu.

The corresponding registration module authorize U2F registration only if user has already registered a TOTP secret.

Configuration

In the manager (advanced parameters), you just have to enable it:

Activation: set it to “on”. Note that you should not enable directly U2F and TOTP (except for self-registration: see below)
Authentication level: you can overwrite here auth level for registered users. Leave it blank keeps auth level provided by first authentication module (default: 2 for user/password based modules). It is recommended to set an higher value here if you want to give access to some apps only to users enrolled.

Every other parameters of U2F and TOTP can be set in the corresponding 2F modules except that you should not enable them.

If you want to give a different level for U2F or TOTP, leave this parameter blank and set U2F ant TOTP “authentication level” in corresponding modules.

Self-registration

This module has no self-registration. You must use U2F and TOTP self registration modules. Example: suppose you want to authorize U2F registration only if a TOTP secret is registered:

TOTP self-registration ⇒ enabled
U2F self-registration ⇒ set to $_totp2fSecret

Automatically, U2F registration will be hidden for unregistered TOTP users and displayed then.

U2F-or-TOTP 2nd Factor Authentication

Configuration

Self-registration