Thread: Using Google Authenticator in Tridium Jace

  1. #1
    Join Date
    Aug 2018
    Posts
    11
    Post Likes

    Using Google Authenticator in Tridium Jace

    Hello Folks,

    Trying to figure this out with internet sources isn't helping me so I'm turning my search to you all.

    I've got a client that is requiring Google Authenticator as a two-factor authentication for users/admins to log into the Jace. They are extremely concerned about Network Security at this site and they would like this to be part of the "policy." Now, I've figured out how to enable SSL/TLS communication for logging in which they also required but I can't seem to find where I would set up the google authenticator to come into play when they are accessing the system.

    Does anyone have any experience with this? And has anyone ever dealt with this sort of request so that I can get the bugs worked out before the system goes live here in a few weeks?

    Any assistance would be greatly appreciated. And I will not be insulted if you post a step-by-step process to get this working as it would save me a butt load of time in configuration and debugging.

    Thanks!

  2. #2
    Join Date
    Oct 2014
    Location
    Columbus, Ohio
    Posts
    1,499
    Post Likes
    Start by finding out whether the Jace even supports that sort of 2FA, and then have your thread moved to the controls forum where those guys will see it.

  3. #3
    Join Date
    Jan 2003
    Location
    USA
    Posts
    6,426
    Post Likes
    Never heard of this. Do they have another site with this working on the jace?

    You might have to write your own auth plugin if one isn't available.
    Propagating the formula. http://www.noagendashow.com/

  4. #4
    Join Date
    Jan 2003
    Location
    USA
    Posts
    6,426
    Post Likes
    4.6 apparently adds this. Look into the gauth palette and docs.

  5. #5
    Join Date
    Jul 2002
    Posts
    1,368
    Post Likes
    The way we use GA has nothing to do with the controls, it has to do with logging into their network. They gave us an account to log into GA. We then start their VPN and enter the GA number. Once on their network we just enter the IP address. If you are talking about already being onsite and then logging into the controls with GA then I have no idea, unless it's possible with a virtual server.

  6. #6
    Join Date
    Jun 2020
    Posts
    3
    Post Likes
    Which Jace wouldn't support 2FA? I have the same authentication problem, and right now I am using Niagara 4.8.

  7. #7
    Join Date
    Aug 2018
    Posts
    11
    Post Likes
    Thread Starter
    Quote Originally Posted by Horazeta View Post
    Which Jace wouldn't support 2FA? I have the same authentication problem, and right now I am using Niagara 4.8.

    Horazeta, I was using 4.6 at the time and later upgraded to 4.7 when it was released. The Google Authenticator still never really worked right so I convinced the site to move away from it and only give those who they want having access to the system the ability to write setpoints. Originally they were going to allow tenants (this is a huge police headquarters) the ability to manage their own spaces but I convinced them that this is a poor idea as they will not be trained in the use of the system and will more than likely mess something up.

    My advice to you is to downgrade immediately from 4.8 to 4.7, or upgrade to 4.9u1 or 4.10 if you have access to it. 4.8 has some really horrendous bugs in it as well as 4.9 vanilla. 4.9 if you had more than 1 communication loop it would lock down the other comm ports and not allow them to talk. 4.8 at random times the Jetty Web Server would become bogged down and crash so the end users can't access the HVAC system through the web browser only through the Workbench software. I have a ton of sites right now limited to 4.7 because of the numerous bugs and now my own skepticism towards 4.9u1 and 4.10 not having any bugs in it. I've got a couple of sites I'm going to guinea pig the new 4.10 on but I'm still pretty skeptical that it's not going to have any issues.

    Anywho, moral of the story is I moved away from using 2FA because I could never get it to work right. It would load up properly, ask for the google authenticator code, then when you enter the 1-time code it would come back to the login screen saying authentication failed. All in all it would be a nice feature but I don't think Tridium has the time to get that worked out as they have plenty of other bugs they need to sort out.

    Thanks for the response!

    Good Luck! Truly consider downgrading your site from 4.8 immediately and you might see some of your issues clear up. No one knows the amount of bugs they have in 4.8 but I'm certain it's plenty.

  8. #8
    Join Date
    Jun 2020
    Posts
    3
    Post Likes
    I did solve it!!!

    here is the trick with gmail:

    first: you have to be logged in your google account the first time you set the outgoing email.
    then the port is the 465
    pollrate 30 secs
    debug: true
    Use Ssl: true
    Use Start Tls: false
    transport: smtp
    connection timeout: 10 secs
    use authentication: true
    persistence: false

    after you send the first test email, you can log out again and after those silly steps you are set.

    I hope this helps lots of people.

    Greetings from Chile.....

  9. #9
    Join Date
    Aug 2018
    Posts
    11
    Post Likes
    Thread Starter
    Quote Originally Posted by Horazeta View Post
    I did solve it!!!

    here is the trick with gmail:

    first: you have to be logged in your google account the first time you set the outgoing email.
    then the port is the 465
    pollrate 30 secs
    debug: true
    Use Ssl: true
    Use Start Tls: false
    transport: smtp
    connection timeout: 10 secs
    use authentication: true
    persistence: false

    after you send the first test email, you can log out again and after those silly steps you are set.

    I hope this helps lots of people.

    Greetings from Chile.....

    Oohhh, you were talking about with emails. I knew how to set up the email service already. This issue pertained to logging in user 2 Factor Authentication to the Tridium Panel itself. Like if I typed my username and password it would then require me to enter a one-time use code to enter the system using that username. Then the next time you would log in it would be a different code that would use the Google Authenticator application on your smart phone.

    Sorry I misunderstood, I would've been able to solve your issue lol.

  10. #10
    Join Date
    Sep 2013
    Posts
    723
    Post Likes
    How to use google authentication in Tridium.

    https://youtu.be/LLcOvX149fk

