inventree/inventree-docs
2
0
Fork 0
mirror of https://github.com/inventree/inventree-docs.git synced 2025-04-28 13:46:54 +00:00
Code

spelling fixes

Browse Source
This commit is contained in:
Matthias Mair 2021-11-03 23:16:15 +01:00
parent 5845e82460
commit d85e107154
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/settings/MFA.md
View File

@ -4,9 +4,9 @@ title: InvenTree Multi Factor Authentication
## Multi Factor Authentication ## Multi Factor Authentication
InvenTree gives the option to use TOTP or staticly generated backup tokens as an additional factor to password or SSO authentication. This is a widely adopted security feature on enterprise web services. We highly encourage to enable it if you expose your instance to the public internet. InvenTree gives the option to use TOTP or statically generated backup tokens as an additional factor to password or SSO authentication. This is a widely adopted security feature on enterprise web services. We highly encourage to enable it if you expose your instance to the public internet.
As TOTP is an [open standard](https://datatracker.ietf.org/doc/html/rfc6238) there are a lot of different ways to hold your key and generate the time based tokens needed for authentication. That ranges from physical devices to password managers and mobile apps. We do not advertise any method but reccomend to keep password and token generator seperate from each other. As TOTP is an [open standard](https://datatracker.ietf.org/doc/html/rfc6238) there are a lot of different ways to hold your key and generate the time based tokens needed for authentication. That ranges from physical devices to password managers and mobile apps. We do not advertise any method but recommend to keep password and token generator seperate from each other.
### Configuration ### Configuration
@ -15,4 +15,4 @@ To make MFA mandatory for all users
### Security Consideration ### Security Consideration
A user can lock themself out if they loose access to both the device with their TOTP app and their backup tokens. An admin can delete their tokens from the admin pages (they exsist under the 'TOTP devices' / 'static devices' models) . This should be a last resort and only done by people knowledgeable about the [admin pages](../settings/admin.md) as changes there might circumvent InvneTrees buisness and security logic. A user can lock themself out if they lose access to both the device with their TOTP app and their backup tokens. An admin can delete their tokens from the admin pages (they exsist under the 'TOTP devices' / 'static devices' models) . This should be a last resort and only done by people knowledgeable about the [admin pages](../settings/admin.md) as changes there might circumvent InvneTrees buisness and security logic.