As of Dradis Pro v4.16, you can enable multi-factor authentication (MFA) using a wide variety of one-time password (OTP) providers, such as Authy, Google Authenticator, and others.
You can install Dradis OTP with the Integration and Tool Manager in the Tools tab.
Once Dradis OTP is installed, users on your Dradis instance will be prompted to configure MFA on their next login by scanning a QR code. Users scan that code with their preferred authenticator app on their mobile phone and follow the app's setup steps. From then on, that MFA method is required on every subsequent login.
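For readers who want to see what the authenticator app actually computes from that QR code, here is an added example, not code from Dradis Pro or the Dradis OTP add-on: a minimal RFC 6238 TOTP implementation in Ruby. It assumes the add-on enrols users with a standard otpauth:// provisioning URI (the format Google Authenticator and Authy consume); the secret is the RFC 6238 test secret, and the issuer and account name are placeholders, not values from a real instance. The verify function accepts one 30-second step of clock drift on either side, which is the usual server-side check.

```ruby
require 'openssl'
require 'uri'

# Constructed inputs: the RFC 6238 SHA-1 test secret, not a real token.
RFC_SECRET = '12345678901234567890'
STEP   = 30   # seconds per time step
DIGITS = 6    # code length shown by authenticator apps

BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'

# Base32 without padding (RFC 4648): the form the secret takes inside the
# otpauth:// URI that the enrolment QR code encodes.
def base32_encode(bytes)
  bytes.unpack1('B*').scan(/.{1,5}/)
       .map { |chunk| BASE32_ALPHABET[chunk.ljust(5, '0').to_i(2)] }
       .join
end

def base32_decode(str)
  bits = str.upcase.delete('=').chars
            .map { |c| BASE32_ALPHABET.index(c).to_s(2).rjust(5, '0') }
            .join
  [bits[0, bits.size - (bits.size % 8)]].pack('B*')
end

# HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter, dynamic
# truncation to 31 bits, then reduce to DIGITS decimal digits.
def hotp(secret, counter, digits: DIGITS)
  hmac   = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = hmac.bytes.last & 0x0f
  code   = (hmac[offset, 4].unpack1('N') & 0x7fffffff) % (10**digits)
  format("%0#{digits}d", code)
end

# TOTP (RFC 6238): the counter is the number of STEP-second intervals since
# the Unix epoch, so the phone and the server derive it from their clocks.
def totp(secret, time = Time.now.to_i, step: STEP, digits: DIGITS)
  hotp(secret, time / step, digits: digits)
end

# Constant-time comparison so the check does not leak how many leading
# digits of a guess matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: accept the current step plus `window` steps either
# side to tolerate small clock drift between the phone and the server.
def verify_totp(secret, code, time = Time.now.to_i, window: 1)
  (-window..window).any? do |drift|
    secure_equal?(totp(secret, time + (drift * STEP)), code.to_s)
  end
end

# The payload an enrolment QR code carries (Key URI format). Issuer and
# account are placeholders.
def provisioning_uri(secret, account, issuer: 'Dradis')
  label = URI.encode_www_form_component("#{issuer}:#{account}")
  "otpauth://totp/#{label}?secret=#{base32_encode(secret)}" \
    "&issuer=#{URI.encode_www_form_component(issuer)}"
end

if __FILE__ == $PROGRAM_NAME
  puts provisioning_uri(RFC_SECRET, 'user@example.com')
  puts "code at T=59: #{totp(RFC_SECRET, 59)}"              # RFC 6238 vector: 287082
  puts "accepted 30s later? #{verify_totp(RFC_SECRET, '287082', 89)}"
end
```

The secret never leaves the server except inside the QR code at enrolment, which is why losing a phone means the server-side token must be deleted and a fresh secret issued rather than the old one reused.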
To disable Dradis OTP again, an Admin simply removes Dradis OTP from the Integration and Tool Manager. All users can then log in without MFA again.
If a user needs to change their MFA method (for example, because they lost or replaced their phone), someone with command-line access to the Dradis instance needs to delete that user's token, so that the user is prompted to configure a new OTP method on their next login. To do so, run the following on your Dradis instance as the dradispro user:

    $ cd /opt/dradispro/dradispro/current/
    $ RAILS_ENV=production bundle exec rails console
    irb> user = User.find(ID)
Substitute the user's ID for ID above. You can find it by mousing over the Edit button next to their entry in the Users menu. Alternatively, you can look the user up by email by replacing User.find(ID) with User.find_by_email('my@user.com').
Next:
irb> user.access_tokens
That should list all access tokens for that user. You should see one with a line like:
AccessToken:0x000000010c898f48 id: 1, name: "otp:token", token: "[FILTERED]", user_id: 1,
What matters is the id value of the token whose name is "otp:token". Use that in the command below, replacing ID with the id value you just found:
irb> AccessToken.find(ID).destroy
If you're running into issues, please contact our support team and let us know!