A few days ago ownCloud introduced the new market place. Using the market place, ownCloud administrators can easily and quickly install ownCloud apps. The privacyIDEA ownCloud App by NetKnights is one of the first available apps in the market place. Using the privacyIDEA ownCloud App, companies and organizations can secure the login to ownCloud with centrally managed multi-factor authentication. The authentication devices of the users are managed within the privacyIDEA authentication system.

Installing the privacyIDEA ownCloud App

Within ownCloud X the administrator can enter the market place via the top left menu.

He needs to filter the categories for “security”. A centrally managed 2FA system has several advantages over the integrated TOTP app. The administrator can define which users have to use a second factor, and the users can use this same second factor, the same authentication device, for other applications such as VPN or desktop login.

Clicking on the privacyIDEA ownCloud App or “privacyIDEA Two Factor Authentication” will display all the details of the app in the market place.

Now the administrator can install the app by clicking the blue “install” button. The installation is rather quick. After successful installation the blue button turns grey.

Configuring privacyIDEA ownCloud App

Now the administrator needs to configure the privacyIDEA ownCloud app.

To do this, he needs to enter the top right menu via Settings->Additional and can now see the section privacyIDEA 2FA. There he needs to configure the URL of the privacyIDEA server. Usually this is something like https://myserver/validate/check.

Warning: You may need to uncheck the “Verify SSL certificate” checkbox for your tests. We strongly recommend keeping this checkbox checked for production use!

That’s all. Now the administrator is done configuring the privacyIDEA ownCloud app.

Configuration of privacyIDEA

We assume that privacyIDEA is already installed following one of the many possible installation scenarios. Now the administrator needs to configure the user store in privacyIDEA, so that privacyIDEA knows the ownCloud users and the administrator or the users can enroll tokens.

Define user store

The administrator first needs to configure the user store. In this example we are using the ownCloud database as user source. The administrator needs to go to Configuration -> Users.

Create user realm

The configured user store needs to be joined to a realm. Under Configuration->Realm the administrator can create a realm with this user store. In this example the realm is called “oc”.

When entering the user-tab, the administrator will now see all the ownCloud users within privacyIDEA.

Enroll Token

Now the administrator or the user himself can enroll a token. This could be a TOTP/Smartphone-App or any other of the many supported token types within privacyIDEA.

The administrator can select a user object and enroll a token for this user. Alternatively, users can log in to the privacyIDEA WebUI and enroll a token for themselves.

Thus the administrator or IT department can manage which user has which token (second factor). If an authentication device gets lost, privacyIDEA provides means to centrally allow temporary access for such a user or to enroll a new (temporary) token.

Login

When logging in to ownCloud, in the first step the user needs to enter his username and his ownCloud password. In a second dialog the user is asked for his second factor which is verified against privacyIDEA.
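
The second step described above, as an added Python example that is not the privacyIDEA ownCloud App's own code: it posts the user's OTP to the /validate/check URL with certificate verification kept on and accepts the login only if privacyIDEA answers with result.status and result.value both true. The host name myserver and the realm “oc” are this page's example values; the function names are hypothetical.

```python
import json
import ssl
import urllib.parse
import urllib.request

# Assumed values: the URL is the page's example, "oc" is the realm created above.
VALIDATE_URL = "https://myserver/validate/check"
REALM = "oc"


def tls_context(ca_file=None):
    """TLS context with certificate and hostname verification enabled,
    the equivalent of leaving "Verify SSL certificate" checked."""
    ctx = ssl.create_default_context(cafile=ca_file)
    # create_default_context already sets both; stated explicitly for review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def build_request(user, otp, url=VALIDATE_URL, realm=REALM):
    """POST body for /validate/check: user, pass (the OTP value) and realm."""
    body = urllib.parse.urlencode({"user": user, "pass": otp, "realm": realm})
    return urllib.request.Request(url, data=body.encode(), method="POST")


def second_factor_ok(response_body):
    """Fail closed: accept only result.status == true AND result.value == true."""
    try:
        result = json.loads(response_body)["result"]
    except (ValueError, KeyError, TypeError):
        return False
    if not isinstance(result, dict):
        return False
    return result.get("status") is True and result.get("value") is True


def check_second_factor(user, otp, ca_file=None):
    """Send the OTP to privacyIDEA; any TLS or HTTP error counts as a failed login."""
    try:
        with urllib.request.urlopen(build_request(user, otp),
                                    context=tls_context(ca_file), timeout=10) as resp:
            return second_factor_ok(resp.read())
    except (OSError, ValueError):
        return False
```

For a privacyIDEA server with a certificate from an internal CA, pass that CA's PEM file as ca_file instead of switching verification off.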

Please note that you need a subscription file for the privacyIDEA ownCloud App for production use.

Have a successful authentication!