jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-04-26 06:17:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
home-assistant.io/source/_docs/authentication/multi-factor-auth.markdown
Jason Hu 33f4632161 Add TOTP MFA docs (#6089) 
* Add TOTP MFA docs

* Remove configuration options
2018-08-27 09:23:08 +02:00

3.2 KiB
Raw Blame History

layout title description date redirect_from sidebar comments sharing footer
page Multi-factor authentication Guide on configuring different multi-factor authentication modules. 2018-08-23 09:40 /components/auth/ true false true true

This is an advanced feature. If misconfigured, you will not be able to access Home Assistant anymore!

Besides the authentication providers, it's also possible to configure multi-factor authentication modules. These authentication modules will require the user to solve a second challenge besides just logging in. The idea is that you ask the user for something they know, their username/password, and something they have, like a time-based authentication token from their phone.

Multi-factor authentication module can be used mixed-match with authentication providers. After normal authentication provider validation, the login flow will ask user for addional challenge if there are multi-factor authentication modules enabled for this user. If more than one mutli-factor authentication module enabled, user can select one of them during the login.

Multi-factor authentication module has to be enabled for user before it can be used in the login process, user can go to profile page enable it by himself.

{% linkable_title Configuring mutli-factor authentication modules %}

By configuring your own instead of using the default configuration, you take full responsibility for the authentication of the system.

Multi-factor authentication modules are configured in your configuration.yaml under the homeassistant: block:

homeassistant:
  auth_mfa_modules:
    - type: totp

{% linkable_title Available mutli-factor authentication modules %}

Below is a list of currently available auth providers.

{% linkable_title Time-based One-Time Password mutli-factor authentication module %}

Time-based One-Time Password is widely adopted in modern authencation system, it combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password. Whoever possessed the secret key will get same one-time password in certain time period. By verifying that password, Home Assistant knows the user have the right secrt key.

When try to set up TOTP module, a QR code will show up, user can scan it by an authenticator app, or set it up manauly using the code showed in UI. After setup, user need to input a six digit number generate in the autendicator app to verify the setup is good. If the verificaiton keep falling, you need to check whether the clock on Home Asistant is accurate.

There are several authenctior apps on the market, we recommend either Google Authenticator or Authy

Please treat the secret key like a password, never exposure it to others.

By default one TOTP multi-factor named "Authenticator app" will be auto loaded if no auth_mfa_modules config section defined in configuration.yaml.

Example of configuration

homeassistant:
  auth_mfa_modules:
    - type: totp