双重身份验证

Two-factor authentication (2FA) is a security measure that helps prevent unauthorized access to user accounts.

Practically, 2FA means storing a secret in an authenticator, usually on a mobile phone, and exchanging a code from the authenticator when logging in.

This means an unauthorized user would need to guess the account password and have access to the authenticator, which is a more difficult proposition.

要求

重要

这些列表只是示例。它们**并非**对任何特定软件的认可。

基于电话的身份验证器最简单,也最常用。例子包括:

密码管理器是另一种选择。常见的例子包括:

注解

本文档的其余部分以 Google Authenticator 为例,因为它是最常用的产品之一。这**并非**对该产品的认可。

双因素身份验证设置

选择验证器后,登录 Odoo,然后点击右上角的个人档案头像,并从下拉菜单中选择 我的个人档案

点击 账户安全 选项卡,然后将 双因素认证 切换至 启用

The account secuirty tab in a user profile.

这将弹出一个 安全控制 窗口,要求确认密码才能继续。输入适当的密码,然后点击 确认密码。接下来,会弹出一个 双因素身份验证激活 窗口,并带有 QR code。

The 2fa authentication QR code in Odoo.

使用所需的身份验证程序,按提示扫描 QR code。

小技巧

If scanning the screen is not possible (e.g., the setup is being completed on the same device as the authenticator application), click the provided Cannot scan it? link, or copying the code to set up the authenticator manually, is an alternative.

A 2fa secret code on an authentication popup.

之后,验证器应显示一个*验证码*。

A view of the Google authenticator app with the six digit code for 2fa.

验证码 字段中输入验证码,然后点击 启用

The success message that appears in a user profile when 2fa is successfully enabled.

正在登录

要确认 2FA 设置已完成,请注销 Odoo。

在登录页面,输入用户名和密码,然后点击 登录。在:guilabel:双因素身份验证`页面,在:guilabel:`验证码`字段中输入所选验证器提供的验证码,然后点击:guilabel:`登录

启用 2fa 后的登录页面。

危险

如果用户失去了对其身份验证器的访问权限,管理员**必须**停用账户上的 2FA,用户才能登录。

实行双因素认证

To enforce 2FA for every user in the database, navigate to the Settings app. In the Permissions section, tick the checkbox labeled Enforce two-factor authentication. Then, use the radio buttons to choose whether to apply this setting to Employees only or All users.

注解

Selecting All users applies the setting to portal users in addition to employees.

点击 保存 提交任何未保存的更改。

设置程序中的强制执行双因素设置。