Thanks to BTACTIC, an open source & cloud solution that has created a great add-on MALDUA’S Zimbra OSE 2FA Extension & Administration Zimlet. This add-on enables the Two Factor Authentication feature on Zimbra Open Source Edition.
I have tested it on Zimbra 8.8.15 OSE and Zimbra 10 OSE (unofficial) and it works.
# Install MALDUA’S Zimbra OSE 2FA Extension
Download lastversion
pip3 install lastversion
Plese run as user ROOT
mkdir /tmp/zimbra-ose-2fa cd /tmp/zimbra-ose-2fa/ lastversion --format assets --only 0.6.0 extract
Install MALDUA’S Zimbra OSE 2FA Extension
./ --compulsory
Note: On multi server, run above step on every mailboxes servers
Restart Mailbox
su - zimbra -c 'zmmailboxdctl restart'
Now, open Zimbra Admin to enable TFA on COS or per account
– Tick Enable 2FA for enable.
– Tick Require 2FA if you want to enforce 2FA for user. When user login from webmail, user will be enforce to set-up 2FA
Login to webmail to Begin set-up 2FA
Insert password first to setup 2FA
You must install authenticator app to insert Key from generated in the next step
Add key to the authenticator app
Enter code generated by authenticator app
If the code matches, you have successfully set up 2FA
Now, when user login from webmail, user will be asked 2FA code generated by authenticator app
For setup application who does not support TOTP, you can generate application passcode. You can follow guidance from Zimbra Wiki:
Good luck 🙂
saya coba di zimbra berhasil, buka via webmail juga sukses, tapi kalo setting di client outlook dan thunderbird msh blm berhasil, ada panduannya juga nggak pak yg untuk setting di client ms outlook dan thunderbird?
Terima kasih
Hi mas,
Bisa gunakan passcode. Panduannya di sini:
How can this implement in zextras carbonio mail server ?
You can try to install classic UI on your Zextras Carbonio CE to use this guidance
It seems that when changing the main password of the email account, all created 2FA application passwords are purged, although this should not happen. Apparently, it’s a bug?
Hi Samuil,
I have not tested on my lab. Maybe you can open case on Github
Hello Imanudin Ahmad,
Our Two-Factor Authentication for Zimbra Open Source Edition is working well.
How can we grant permission to the delegated admin to manage the users 2FA.
The delegated admin was created/setup as per your post :
The “TFA Right” currently is not available
unable to run “lastversion –format assets –only 0.6.0 extract” getting this below error message, could please help me to resolve this issue.
“/usr/lib64/python3.6/ RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See for more details. RuntimeWarning)”
Hi Robert,
You can download TFA for Zimbra OSE directly from Github
Thank you Sir and I’ve downloaded TFA directly from Github and its working fine