Use different Authentication Servers / methods per user or User Group?

Started by PiX, April 24, 2025, 11:53:39 AM

Hello Team,

I am new to the OPNsense product and currently working on hardening the authentication.

As far as I can see, there is no way to configure various authentication methods per user or per user group? Is that correct?

In my example, I would like to force MFA (LocalDB or LDAP + TOTP) for all users but one (emergency local account with no MFA). But as far as I can see the authentication servers are configured globally for all users. This means that as soon as "Local Database" is part of the allowed authenticated servers, all users existing locally will be able to connect without TOTP.

It would be nice to be able to configure the Authentication Server per user or user group rather than globally. Is there a trick to achieve this? Or a plugin?

Thanks for your support!
Regards,
PiX

No trick, I am also dearly missing this feature.

I'd love to enforce 2FA but have the root account without and with a, say, 30 character password stored somewhere safe. Just in case e.g. time synchronisation is lost and 2FA stops working ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)