## How is UV handled in mailcow?

The UV flag (as in "user verification") makes WebAuthn verify the user before it allows access to the key (think of a PIN). We don't enforce UV, so that logins via iOS and NFC (YubiKey) remain possible.

## Login and key processing

mailcow uses **client-side key processing**. We ask the authenticator (e.g. a YubiKey) to save the registration in its memory.

A user does not need to enter a username. The available credentials, if any, are shown to the user when they select the "key login" on the mailcow UI login.

When the login process is called, the authenticator is not given any credential IDs. This forces it to look up credentials in its own memory.
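The two sections above, sketched as an added example that is not mailcow's own code: the WebAuthn options for a usernameless login, and a server-side check of the UP/UV bits in the authenticator data. The helper names, the `"discouraged"` value (the page only says UV is not enforced) and the sample bytes are assumptions; signature and `rpIdHash` verification are left out.

```javascript
// Added example, not mailcow code. Option values and helper names are assumptions.
const UP = 0x01; // flags bit 0: user present (touch or NFC tap)
const UV = 0x04; // flags bit 2: user verified (PIN or biometric)

// Registration: ask the authenticator to store the credential in its own memory.
function registrationSelection(userVerification = "discouraged") {
  return { residentKey: "required", requireResidentKey: true, userVerification };
}

// Login: no credential IDs are passed, so the authenticator searches its memory.
function loginOptions(rpId, challenge, userVerification = "discouraged") {
  return { rpId, challenge, allowCredentials: [], userVerification };
}

// Authenticator data: 32-byte rpIdHash, 1 flags byte, 4-byte big-endian counter.
function parseAuthData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const flags = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    userPresent: (flags & UP) !== 0,
    userVerified: (flags & UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Server-side policy: UP is always required, UV only when requireUv is true.
function checkAssertionFlags(bytes, requireUv) {
  const data = parseAuthData(bytes);
  if (!data.userPresent) return "reject: user not present";
  if (requireUv && !data.userVerified) return "reject: user not verified";
  return "accept";
}

// Constructed sample input: rpIdHash left as zeros, only flags and counter set.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

// A tap without PIN passes when UV is not enforced and fails when it is.
console.log(checkAssertionFlags(sampleAuthData(UP, 7), false));
console.log(checkAssertionFlags(sampleAuthData(UP, 7), true));
```

Running it shows why enforcing UV would lock out authenticators that only signal presence: the same assertion is accepted with `requireUv` off and rejected with it on.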

## Who can use WebAuthn to log in to mailcow?

As of today, only administrators and domain administrators are able to set up WebAuthn/FIDO2.

---

**Want to use WebAuthn/FIDO as 2FA? See [Two-Factor Authentication](u_e-mailcow_ui-tfa.en.md).**