Responsive Menu
Add more content here...

Passwords integration (2FA authentication)

Passwords integration with Gapp (2FA authentication)

Passwords

Passwords is a secrets manager for GLPI. It offers the availability of credentials between users and focuses heavily on refined permissions based on entities, groups, types, and access levels.

Passwords can be linked to several GLPI items, generate a history of accesses and uses, and provide a convenient method to access them to streamline the technician’s efficiency without sacrificing security.

Passwords plugin

Passwords additional security layer by using Gapp as a 2FA

By using the two-factor authentication feature of the Passwords plugin in the mobile app, an additional layer of security is added, requiring confirmation through Gapp to access any password in GLPI.

Configuration

To pair Gapp with your GLPI user and be able to validate access to Passwords you will have to follow a few steps:

Step 1

The first step is to have a profile with access to Passwords. In this case, we’ll use the Super-Admin profile.

passwords-2fa-profile

Step 2

If we go to the Gapp settings (the gear icon next to the user information), we can see the option to pair Gapp with our GLPI account to validate access to Passwords.

passwords-2fa-configuration-screen

Step 3

If we select the Passwords 2FA option, we’ll be prompted to create a security PIN, which we’ll need to remember for future access validation. Additionally, if the device supports it, we can use biometric authentication (such as a fingerprint reader) to validate access.

passwords-2fa-pin-code

Step 4

After entering a PIN, we’ll move on to linking Gapp with our GLPI account. Gapp will display a dialog with instructions on how to generate the code, which we must scan with Gapp to complete the link successfully.

passwords-2fa-scan-qr

Step 5

To complete the pairing, follow the steps outlined in the dialog box: in GLPI, go to My Settings > Passwords > Generate QR to pair with Gapp. A QR code will appear on the screen, which you’ll need to scan using the screen in Gapp that appears after pressing the Continue button in the dialog box.

passwords-2fa-succesfully-paired

How to use

Once Gapp is paired with our GLPI account, we can start validating password access in GLPI using 2FA through Gapp.

When accessing a password in Passwords, you’ll see a series of buttons. If you click the copy or view button, Gapp will receive a notification requesting validation to access that password.

passwords-2fa-access-request-notification

When you click on this notification, the app will ask for the PIN you set up in step 3 of the previous section.

passwords-2fa-access-request-notification-enter-pin
passwords-2fa-access-request-granted-succesfully

If your device is already set up to use fingerprint recognition for unlocking, you can also authorize access at this step using that authentication method. The process is similar to the previous one, but without the need to remember the previously set PIN.

passwords-2fa-access-request-notification-enter-fingerprint
passwords-2fa-access-request-notification-enter-fingerprint-2
passwords-2fa-access-request-granted-succesfully

2FA Password States

In Gapp settings, the Passwords 2FA button can have three different states:

Not configured

A gray shield appears. In this state Gapp has not yet been paired with its user in GLPI.

passwords-2fa-configuration-screen

Paired

A green shield appears. In this state Gapp is paired with its user in GLPI and will receive push notifications to validate access from GLPI.

passwords-2fa-paired-screen

Unpaired

A red shield appears. This state indicates that another device has already been paired to your user in GLPI but it is not the device you are using.

It is possible that no other device is paired, but the current device has logged out or reinstalled Gapp and the internal encryption keys do not match.

To pair the device again, simply repeat the pairing procedure.

In this state, Password access cannot be validated.

passwords-2fa-unpaired-screen

Gapp White Label Manual

Gapp White Label logo

Main Manual Page

barcodeplus

Assets - Barcode - QR Scanner

ActualTime: The time tracking plugin for GLPI

ActualTime - Waypoint - Vehicle

ai-chatbot

UXÍA - AI Chatbot

Charge Plugin

Credit vouchers - Charge

formcreator-alternative

Form Creator

plugin-news-alerts-alt

News - Alerts

Asset Handover GLPI Plugin

Asset Handover - Gapp Sign

Passwords plugin

Passwords