"
Hello Team,
I am new to OPNsense product and currently working on hardening the authentication.
As far as I can see, there is no way to configure various authentication methods per user or per user group ? Is that correct ?
In my exemple, I would like to force MFA (LocalDB or LDAP + TOTP) for all users but one (emergency local account with no MFA). But as far as I can see the authentication servers are configured globally for all users. This means that as soon as "Local Database" is part of the allowed authenticated servers, all users existing locally will be able to connect without TOTP.
It would be nice being able to configure Authentication Server per Users or Users Groups rather than globally. Is there a trick to achieve this ? or a plugin ?
Thanks for your support !
Regards,
PiX
I am new to OPNsense product and currently working on hardening the authentication.
As far as I can see, there is no way to configure various authentication methods per user or per user group ? Is that correct ?
In my exemple, I would like to force MFA (LocalDB or LDAP + TOTP) for all users but one (emergency local account with no MFA). But as far as I can see the authentication servers are configured globally for all users. This means that as soon as "Local Database" is part of the allowed authenticated servers, all users existing locally will be able to connect without TOTP.
It would be nice being able to configure Authentication Server per Users or Users Groups rather than globally. Is there a trick to achieve this ? or a plugin ?
Thanks for your support !
Regards,
PiX
