Appx2FA (25 Jun 2025, BrianRyan)

APPX Two-Factor Authentication (2FA)

Appx 2FA is an identity and access management security method that requires two forms of identification to access Appx server resources and data. Appx 2FA uses time-based one-time passcodes (TOTP), which expire after a short interval, to help prevent identity theft.

How it works:
    • A secret key, unique to each user account, is shared between the user's authenticator app (like Google, Microsoft, FreeOTP or Authy Authenticators) and the Appx server.
    • The authenticator app uses this secret key and the current time to calculate a one-time password (OTP).
    • The OTP is valid for a short period (typically 30-60 seconds, 30 seconds in the case of Appx) and changes automatically.
    • When a user logs in, they enter the current OTP displayed on their authenticator app, which the Appx server verifies against its own calculation.

Why it's secure:
    • The OTPs are time-sensitive, making it difficult for attackers to intercept and reuse them.
    • TOTP requires something the user has (their device/authenticator app) in addition to something they know (their password), making it more secure than a password alone.
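
The calculation described under "How it works" and the reuse resistance described under "Why it's secure", written out as an added example (this is not APPX's own code). Only the 30-second step comes from this page; HMAC-SHA1, 6 digits, the one-step clock-drift window, the replay tracking and all names are assumptions based on RFC 6238 and common authenticator-app defaults.

```python
import base64, hashlib, hmac, struct, time

STEP = 30    # seconds per code; this page states Appx uses 30
DIGITS = 6   # assumption: common authenticator-app default
DRIFT = 1    # assumption: accept one step either side for clock skew

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, now: float, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP)."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    return hotp(key, int(now) // STEP, digits)

class Verifier:
    """Server side: recompute the code and refuse to accept a time step twice."""
    def __init__(self, secret_b32: str):
        self.key = base64.b32decode(secret_b32.upper().replace(" ", ""))
        self.last_counter = -1   # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        matched = None
        for counter in range(max(0, current - DRIFT), current + DRIFT + 1):
            # compare_digest avoids leaking how many characters matched via timing
            if hmac.compare_digest(hotp(self.key, counter).encode(), code.encode()):
                matched = counter
        if matched is None or matched <= self.last_counter:
            return False         # wrong, expired, or already-used code
        self.last_counter = matched
        return True

# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890"
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    t = time.time()
    server = Verifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, t)
    # First submission is accepted, an immediate resubmission is not
    print(code, server.verify(code, t), server.verify(code, t))
```

Tracking the last accepted time step is what makes an intercepted code useless even inside its 30-second validity window.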

To enable 2FA for Appx you have two choices. First, you can enable 2FA site-wide by adding 'APPX_2FA_ENABLED=true' to your appx.env file. Second, you can enable 2FA for each individual user account as shown in the screenshot below:

Admin MFA (CHG).jpg

Note: If you want to clear the secret key for any user, simply check the Clear Sec? checkbox (as shown above) and press Enter.

Once enabled on your Appx server, the following screenshots show what you will see during the 2FA setup and 2FA login processes:

The QR code as displayed in the Java client:

User QR (Java).jpg

The QR code as displayed in the Html client:

User QR (Html).jpg

For the character mode client, no QR code is displayed, only the secret key:

User QR (Character).jpg

The TOTP code as displayed in the Java client:

User TOTP (Java).jpg

The TOTP code as displayed in the Html client:

User TOTP (Html).jpg

The TOTP code as displayed in the character mode client:

User TOTP (Character).jpg

If the TOTP code you entered is rejected because it was entered incorrectly or has expired, this is what you will see on the Java client:

User TOTP (Java-REJECTED).jpg

As shown on the Html client:

User TOTP (Html-REJECTED).jpg
Topic revision: r1 - 25 Jun 2025, BrianRyan