Two-Factor Authentication in JumpServer (TOTP and RADIUS)

In the Community Edition, Two-Factor Authentication (2FA) via TOTP (Google Authenticator) is available.

To enable it, navigate to the System Setting - Security - Auth Security section. The 'Global MFA auth' parameter allows you to disable 2FA or enable it for all users or only for administrators.

JumpServer Enterprise offers additional options for Two-Factor Authentication, such as using RADIUS.

To configure Two-Factor Authentication via RADIUS, add the corresponding lines to the JumpServer configuration file.

Open the file:

bash

vi /opt/jumpserver/config/config.txt

Add the RADIUS connection parameters:

AUTH_RADIUS=True
RADIUS_SERVER=IP
RADIUS_PORT=PORT
RADIUS_SECRET=radius_secret

Replace 'IP,' 'PORT,' and 'radius_secret' with the values for your RADIUS adapter.

Then, restart JumpServer to apply the settings:

./jmsctl.sh restart