Thanks to BTACTIC, an open source & cloud solution that has created a great add-on MALDUA’S Zimbra OSE 2FA Extension & Administration Zimlet. This add-on enables the Two Factor Authentication feature on Zimbra Open Source Edition.
I have tested it on Zimbra 8.8.15 OSE and Zimbra 10 OSE (unofficial) and it works.
# Install MALDUA’S Zimbra OSE 2FA Extension
pip3 install lastversion
Plese run as user ROOT
mkdir /tmp/zimbra-ose-2fa cd /tmp/zimbra-ose-2fa/ lastversion --format assets --only 0.6.0 extract https://github.com/btactic/zimbra-ose-2fa
Install MALDUA’S Zimbra OSE 2FA Extension
Note: On multi server, run above step on every mailboxes servers
su - zimbra -c 'zmmailboxdctl restart'
Now, open Zimbra Admin to enable TFA on COS or per account
– Tick Enable 2FA for enable.
– Tick Require 2FA if you want to enforce 2FA for user. When user login from webmail, user will be enforce to set-up 2FA
Login to webmail to Begin set-up 2FA
Insert password first to setup 2FA
You must install authenticator app to insert Key from generated in the next step
Add key to the authenticator app
Enter code generated by authenticator app
If the code matches, you have successfully set up 2FA
Now, when user login from webmail, user will be asked 2FA code generated by authenticator app
For setup application who does not support TOTP, you can generate application passcode. You can follow guidance from Zimbra Wiki: https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication
Good luck 🙂