The use of Two-Factor Authentication increases the security of the Virtualmin web interface by going beyond using a simple password.
How to ensure that all users or a group of users can access Virtualmin with 2FA enabled, without first having access to Virtualmin configurations or without using Google Authenticator? In this case, by using PluginTOTP.
Below how to proceed:
With Virtualmin (step 1):
- Go to the Webmin menu and click on Webmin Configuration.
- In the new interface, click on Two-Factor Authentication and choose Google Authenticator as Authentication provider, then click on the button "Save".
- Still in the Webmin menu, go to the option Webmin Users, in the interface that opens, click on Two-Factor Authentication then in the new interface click on the "Enroll For Two-Factor Authentication" button to complete Enrolling for two-factor authentication with provider Google Authenticator.
- Once enrolling has been confirmed, you'll see the secret code in the interface and the QR code.
With PluginTOTP (step 2):
Use the secret code you obtained in the previous step as the value of PluginTOTP 'secret' parameter.
Example:
{totp secret="HFAYNXE6DSHVH5XJ" interval="60" issuer="MY TIKI"}
Please see PluginTOTP for more information.
Finally, use the token generated by PluginTOTP or by Google Authenticator, in case you scan the QR code, to connect to Virtualmin, after the Username and Password step.