Two-Factor Authentication for Zimbra Open Source Edition

Thanks to BTACTIC, an open source & cloud solution that has created a great add-on MALDUA’S Zimbra OSE 2FA Extension & Administration Zimlet. This add-on enables the Two Factor Authentication feature on Zimbra Open Source Edition.

I have tested it on Zimbra 8.8.15 OSE and Zimbra 10 OSE (unofficial) and it works.

# Install MALDUA’S Zimbra OSE 2FA Extension

Download lastversion

pip3 install lastversion

Plese run as user ROOT

mkdir /tmp/zimbra-ose-2fa
cd /tmp/zimbra-ose-2fa/
lastversion --format assets --only 0.6.0 extract https://github.com/btactic/zimbra-ose-2fa

Install MALDUA’S Zimbra OSE 2FA Extension

./install.sh --compulsory

Note: On multi server, run above step on every mailboxes servers

Restart Mailbox

su - zimbra -c 'zmmailboxdctl restart'

Now, open Zimbra Admin to enable TFA on COS or per account

Note:
– Tick Enable 2FA for enable.
– Tick Require 2FA if you want to enforce 2FA for user. When user login from webmail, user will be enforce to set-up 2FA

Login to webmail to Begin set-up 2FA

Insert password first to setup 2FA

You must install authenticator app to insert Key from generated in the next step

Add key to the authenticator app

Enter code generated by authenticator app

If the code matches, you have successfully set up 2FA

Now, when user login from webmail, user will be asked 2FA code generated by authenticator app

For setup application who does not support TOTP, you can generate application passcode. You can follow guidance from Zimbra Wiki: https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication

Good luck 🙂

Source: https://github.com/btactic/zimbra-ose-2fa