Implemented MFA / 2FA for Omada Cloud
This repeated request has been merged into the main thread Request - Please add two factor authentication to the omada cloud managment. . Please vote on the main thread.
Implemented MFA / 2FA for Omada Cloud
Hi there,
As I've been working through a medium sized PoC/PoV deployment I came across a security gap in the Omada Cloud offering.
Is MFA / 2FA functionality on the roadmap for the OC200 / software controller and the cloud remote managemnt?
A similar setup to how Ubiquiti does it would be great! (via an authenticator app or WebAuthN).
This would be a great addition!
Thanks!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Fae wrote
Dear @whoisbotsman,
whoisbotsman wrote
Would you be able to provide an ETA for the 5.0 release and confirm the MFA feature is getting added into it?
For your reference, the ETA for the Omada SDN Controller v5.0 that supports 2FA is around October 2021.
If it helps, I'm sure those of us in the thread would be happy to beta test 2FA.
Is the plan to support TOTP (via a generic authenticator app) or will additional methods like WebAuthN be supported?
- Copy Link
- Report Inappropriate Content
Hello,
It seems this is happening. I have not connected my Omada setup to the cloud yet but their web interface seem to have 2FA implemented. I have also managed to turn it on. Read the warnings before you do it though (as stated above, it requires v5.0):
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Will 2FA also be added for the OC200 and OC300 hardware controlers when they are managed from the web through TP links website omada.tplinkcloud.com?
- Copy Link
- Report Inappropriate Content
Yes, 2FA is desperately needed.
I tried turning on 2FA in my account but, after scanning the QR code then the token code created by google authenticator was not accepted by the tplink site. So, it looks like it's a bit buggy.
Warm regards,
Chris
- Copy Link
- Report Inappropriate Content
@Gunnebah I actually went back and reread everything that was posted and I was able to get two Factor authentication working with the tp-link online portal which is connected to my OC200 controller. Local two-factor Authentication does not work with my OC200 local login but I'm okay with that now since the online portals probably the greatest risk. I set up two-factor authentication with the Google Authenticator. My only suggestion would be try reinstalling the Google Authenticator and also making sure that the time is correct on your android/iphone device.
- Copy Link
- Report Inappropriate Content
@Teck359 the web interface works but when you try logging in to the mobile app you get these messages.
- Copy Link
- Report Inappropriate Content
I've tried to enable 2FA on my Omada account and it will not work. I can successfully add the QR code to the Google Authenticator app but when I type the code in it says invalid token or server busy, try again later. Tried with multiple browsers and same result. Also tried deleting QR code and then adding again but still not working. iPhone date and time all correct so this must be an issue with the TP-Link servers.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
It is out for Windows! I couldn't test it as I don't have a Windows machine.
Download link: https://www.tp-link.com/en/support/download/omada-software-controller/#Controller_Software
Relese notes: https://static.tp-link.com/upload/software/2021/202111/20211101/Release%20Note_Windows.pdf
1. Supported device models and firmware
EAP
EAP110_V4 3.20.0 Build 20200525 Rel.36899 and above EAP115_V4 3.20.0 Build 20200525 Rel.36931 and above EAP225_V3 2.20.0 Build 20200422 Rel.70513 and above EAP245_V3 2.20.0 Build 20200423 Rel.36779 and above EAP115-Wall_V1 1.20.0 Build 20200509 Rel.63986 and above
EAP225-Wall_V2 1.20.0 Build 20200422 Rel.70504 and above EAP110-Outdoor_V3 3.20.0 Build 20200511 Rel.33388 and above EAP225-Outdoor_V1 1.20.0 Build 20200422 Rel.70543 and above EAP660 HD, EAP620 HD, EAP615-Wall, EAP610, EAP610-Outdoor, EAP265 HD, EAP230-Wall, EAP235-Wall
Switch
TL-SG3452P, TL-SG3452, TL-SG3428XMP, TL-SG3428MP, TL-SG3428X, TL-SG3428, TL-SG3210XHP-M2, TL-SG3210 V3, TL-SX3206HPP, TL-SX3016F, TL-SX3008F, TL-SG2428P, TL-SL2428P V4, TL-SG2210MP, TL-SG2218, TL-SG2210P V3.2 and above, TL-SG2008P, TL-SG2008 V3 and above.
Gateway
ER605 (TL-R605), ER7206 (TL-ER7206)
2. New Feature/Enhancement
1) Added Two-Factor Authentication (2FA) feature for Cloud Access, Omada APP
(4.0.X and above) and local web login with Cloud Users.
2) Added DHCP Reservation in Services, allowing pre-configuration and support for reserving IP addresses outside the DHCP Range.
3) Removed the insecure WEP and WPA/TKIP algorithms from the wireless network. SSIDs encrypted with these algorithms will be removed after upgrading.
4) Adjusted API for External Portal, please refer to FAQ3231.
5) Optimized the account structure and the privileges of accounts with different roles.
6) Added support for Form Authentication type to the Hotspot Portal.
7) Added support for Korean, Thai, and Vietnamese support to the Portal.
8) Added support for multiple languages for names of Controllers, Devices, and Clients.
9) Optimized the startup interface of Controller for Windows platform.
10) Added support for OpenJDK8 and above for Windows platform.
11) Added pre-configuration for Internet during Quick Setup.
12) Retain the advanced feature settings when removing or replacing the Omada Gateways, such as VPN, Port Forwarding, etc.
13) Added support for saving the customized names for clients.
14) Optimized the SSID Override feature and allow disabling SSID.
15) Optimized the upgrading process for EAPs supporting PoE Out.
16) Optimized the export file names for Backup and Export Data functions.
17) Increased the number of “Limited IP Addresses” for Port Forwarding to a maximum of 24.
3. Bug Fixed
1) Fixed the bug that the VPN status was not updated in time.
2) Fixed the bug that the push notification of Omada APP on the iOS platform displayed the MAC addresses of the devices instead of their names.
3) Removed the limitation on the length of the Top-Level Domain Name.
4) Fixed the bug that IP addresses cannot be entered using the French keyboard.
Notes
1) Omada SDN Controller can only manage certain devices running the supported firmware. Please confirm that your device is compatible with the SDN Controller.
2) If you are using an old Controller and plan to upgrade to this version, please follow the procedure of the Omada Controller Upgrade Guide.
3) Once upgraded to this version of Omada Controller, you will be NOT able to downgrade to version 3.2.14 or below.
4) This version of the controller is applied to the Omada APP of version 4.0.X or above.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 10
Views: 17293
Replies: 54