Mattermost, Inc.

Add support for 2 factor authentication

It would be great if 2 factor authentication (in any form) could be added to mattermost (or even the whole gitlab suite).

For me that would mean that I can explore mattermost as a website to the internet, allowing colleagues to use it from anywhere including mobile devices.

Currently we use Yubikey’s, so a simple radius authentication hook would be sufficient, as we can add the otp token to the password (a bit difficult on mobile, but not impossible).
But any form of 2 factor would do for us.

This already exists in GitLab, and if you have Mattermost set up to only do OAUTH against GitLab, then by extension Mattermost will use the same sign-in mechanism.

I forgot about that option. But it is lacking one feature (or maybe 2) these are:

  • Enforce the usage of 2 factor
  • Allow an administrator to reset the 2nd factor in case of loss (might be possible, but could not find it documented, same holds true for combining it with external (ldap) authentication)

Currenly I am running this solution, but is quite limited. I have to choose between:

  • local accounts in gitlab for 2factor authentication
  • commercial version of gitlab for 50+ users (and only 5 developers) with 2factor otp enabled on ldap accounts (AD based)
  • commercial version of gitlab for 50+ users (and only 5 developers) to get our existing smspasscode in the loop, and run saml on top of windows ad (no experience with, but not looking forward to get it sorted out)