Thanks to BTACTIC, an open source & cloud solution that has created a great add-on MALDUA’S Zimbra OSE 2FA Extension & Administration Zimlet. This add-on enables the Two Factor Authentication feature on Zimbra Open Source Edition.
I have tested it on Zimbra 8.8.15 OSE and Zimbra 10 OSE (unofficial) and it works.
# Install MALDUA’S Zimbra OSE 2FA Extension
Download lastversion
pip3 install lastversion
Plese run as user ROOT
mkdir /tmp/zimbra-ose-2fa cd /tmp/zimbra-ose-2fa/ lastversion --format assets --only 0.6.0 extract https://github.com/btactic/zimbra-ose-2fa
Install MALDUA’S Zimbra OSE 2FA Extension
./install.sh --compulsory
Note: On multi server, run above step on every mailboxes servers
Restart Mailbox
su - zimbra -c 'zmmailboxdctl restart'
Now, open Zimbra Admin to enable TFA on COS or per account
Note:
– Tick Enable 2FA for enable.
– Tick Require 2FA if you want to enforce 2FA for user. When user login from webmail, user will be enforce to set-up 2FA
Login to webmail to Begin set-up 2FA
Insert password first to setup 2FA
You must install authenticator app to insert Key from generated in the next step
Add key to the authenticator app
Enter code generated by authenticator app
If the code matches, you have successfully set up 2FA
Now, when user login from webmail, user will be asked 2FA code generated by authenticator app
For setup application who does not support TOTP, you can generate application passcode. You can follow guidance from Zimbra Wiki: https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication
Good luck 🙂
saya coba di zimbra berhasil, buka via webmail juga sukses, tapi kalo setting di client outlook dan thunderbird msh blm berhasil, ada panduannya juga nggak pak yg untuk setting di client ms outlook dan thunderbird?
Terima kasih
Hi mas,
Bisa gunakan passcode. Panduannya di sini: https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication#Application_Passcode
How can this implement in zextras carbonio mail server ?
Hello,
You can try to install classic UI on your Zextras Carbonio CE to use this guidance
It seems that when changing the main password of the email account, all created 2FA application passwords are purged, although this should not happen. Apparently, it’s a bug?
Hi Samuil,
I have not tested on my lab. Maybe you can open case on Github
Hello Imanudin Ahmad,
Our Two-Factor Authentication for Zimbra Open Source Edition is working well.
How can we grant permission to the delegated admin to manage the users 2FA.
The delegated admin was created/setup as per your post :
https://imanudin.net/2021/01/07/how-to-create-admin-delegation-in-zimbra-ose/
Clifford
Hi
The “TFA Right” currently is not available
unable to run “lastversion –format assets –only 0.6.0 extract https://github.com/btactic/zimbra-ose-2fa” getting this below error message, could please help me to resolve this issue.
“/usr/lib64/python3.6/tarfile.py:2221: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details. RuntimeWarning)”
Hi Robert,
You can download TFA for Zimbra OSE directly from Github
Thank you Sir and I’ve downloaded TFA directly from Github and its working fine
Hi,
Which version of zimbra ose do you run ? and where could I get it?
Thanks for any information.
Hi Danny,
I’m using the FOSS edition of the Z10. You can download directly from the Github repo for updates
How can I drop application passcode ? In OSE not functionality for this.
How can I reset 16-symbols key given from authentication setup ?
Hi,
You can try the method from this link (my another blog) : https://imanudin.com/2024/08/12/menonaktifkan-two-factor-authentication-di-zimbra/
Turning the parameter on/off did not help. The value is stored somewhere.
Hi,
You can try using CLI/SOAP method
Thanks a lot !!! It’s work for me.
And how can I generate passcode for mail application ?
Hi,
You can follow the guidance from Zimbra Wiki[1]
[1] https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication#Application_Passcode
What kind of mail app support 2fa zimbra ?
Hi,
For mail app, you can use application code as a password replacement
I tested using exchange activesync and it didn’t work.
Hi,
Please use application code as a password replacement
Hi Imanudin,
Apakah ini bisa jalan di 9 FOS edition dan Ubuntu server 18 ?
Hi mas,
Sangat bisa