How to enable MFA on OnPremise Passbolt

Checklist
[ X] I have read intro post: About the Installation Issues category
[ X] I have read the tutorials, help and searched for similar issues
[ X] I provide relevant information about my server (component names and versions, etc.)
[ X] I provide a copy of my logs and healthcheck
[ X] I describe the steps I have taken to trouble shoot the problem
[ X] I describe the steps on how to reproduce the issue

Hello,

We have Communitiy, OnPremise 3.5.0. How can I enable MFA? When I get to the Administration area (since I am an admin) I dont see any security-related options. Can you please help?

thank you.

Hi @mlakatamitis ,

If you are on 3.5 (version from January 2022) you should consider update your instance to benefit from security updates and as well to get access to MFA (since 3.9.0) and folders (since 3.12)

follow the guide corresponding to your installation: Passbolt Help | Update

Also, have a look at the release not of the 3.5 since the keys of package expired last year and we updated them. The procedure to follow is here: Passbolt Help | Wide Open

Cheers,
Max

Thanks Max,

Updating our Passbolt worked fine. However, I cannot find how to enforce the MFA policy for all my users. In addition to this, is there any way to enforce the sessions to expire, let’s say, every 5 minutes of idle time? I only want my users to login with MFA, get their password, and if they forget logging out, they should be forced-logging out.

thank you again

For MFA

For session expiration

On an AWS installation, I can manually navigate to https://[mydomain]/app/administration/mfa-policy but cannot use any of the options. I followed the update guides and literally stood this server up yesterday evening, so not sure if the AWS image is broken or not.

Just to be sure you have HTTPS set up for this server, correct? It is a requirement for using MFA

It is enabled. The domain begins with https://passvault.my_domain.com and is part of the AWS build option. I only had to choose the AMI instance and it did the rest according to the passbolt documentation found here and here on the PassBolt Help section