Adding 2FA to BookStack Wiki
-
@flaxking said in Adding 2FA to BookStack Wiki:
What's wrong with the third party auth and SAML supported by BookStack?
I suggested that we look at SAML providers for this. That sounds like a good idea.
-
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know which identity provider to pick though - if you are not already committed to something.
We don't have one yet in this instance.
-
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know which identity provider to pick though - if you are not already committed to something.
We don't have one yet in this instance.
Might not make sense in this case but we're actually looking to use Zoho as an identity provider for SAML. So you'd sign in to BookStack or other app using your Zoho login.
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
-
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
That's what I'd like, but we don't have either of those and neither does the client in question.
-
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
That's what I'd like, but we don't have either of those and neither does the client in question.
IDaaS providers such as OneLogin are not ultra cheap. I think SSO+MFA is going to be $4/user/month.
But then you have support for SAML and OpenID Connect for unlimited apps as well as hardware tokens, OTP, APIs and the works.
-
@Pete-S said in Adding 2FA to BookStack Wiki:
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
That's what I'd like, but we don't have either of those and neither does the client in question.
IDaaS providers such as OneLogin are not ultra cheap. I think SSO+MFA is going to be $4/user/month.
But then you have support for SAML and OpenID Connect for unlimited apps as well as hardware tokens, OTP, APIs and the works.
Yeah, that might defeat the overall purpose. That adds up really quickly when it's just for a wiki.
-
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
That's what I'd like, but we don't have either of those and neither does the client in question.
IDaaS providers such as OneLogin are not ultra cheap. I think SSO+MFA is going to be $4/user/month.
But then you have support for SAML and OpenID Connect for unlimited apps as well as hardware tokens, OTP, APIs and the works.
Yeah, that might defeat the overall purpose. That adds up really quickly when it's just for a wiki.
True, but don't they use mail or any other service?
-
@Pete-S said in Adding 2FA to BookStack Wiki:
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
That's what I'd like, but we don't have either of those and neither does the client in question.
IDaaS providers such as OneLogin are not ultra cheap. I think SSO+MFA is going to be $4/user/month.
But then you have support for SAML and OpenID Connect for unlimited apps as well as hardware tokens, OTP, APIs and the works.
Yeah, that might defeat the overall purpose. That adds up really quickly when it's just for a wiki.
True, but don't they use mail or any other service?
Sure, but that doesn't offset the Vault cost. So still looking at $6/u/mo just for wiki sign in!
-
I don't know what all is required, but is it possible to use the google-authenticator-libpam module with modifications to the /etc/pam.d/nginx file?
I was thinking, if Ubuntu GUI can use it, and nginx can use PAM modules, is it possible to mesh it with BookStack???
This could be totally irrelevant as I am just throwing some crap ideas out there.
-
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
@scottalanmiller said in Adding 2FA to BookStack Wiki:
@Pete-S said in Adding 2FA to BookStack Wiki:
I don't know what other options Zoho have but it looks like Zoho can act as a SAML identity provider if you have Zoho One or Zoho Vault Enterprise.
That's what I'd like, but we don't have either of those and neither does the client in question.
IDaaS providers such as OneLogin are not ultra cheap. I think SSO+MFA is going to be $4/user/month.
But then you have support for SAML and OpenID Connect for unlimited apps as well as hardware tokens, OTP, APIs and the works.
Yeah, that might defeat the overall purpose. That adds up really quickly when it's just for a wiki.
True, but don't they use mail or any other service?
Sure, but that doesn't offset the Vault cost. So still looking at $6/u/mo just for wiki sign in!
It could. First, with SSO you move everything to SSO so it's not just for the wiki. Log in once and be done with it. And if the client, for instance, uses Google for email (workplace), then they already have an SSO solution without needing anything extra.
-
@Pete-S said in Adding 2FA to BookStack Wiki:
And if the client, for instance, uses Google for email (workplace), then they already have an SSO solution without needing anything extra.
They have no SSO source right now.