Could you please describe how Google 2-Step Verification (https://www.google.com/landing/2step/) should be integrated into Zabbix? Should Zabbix support Google accounts?

Google 2FA should be implemented at the zabbix login level. There are tools available for linux platforms to accomplish this. We use 2FA in our PaaS environment hosted by AWS. Our zabbix servers are there also and we'd like the extra layer of security.

Yes, it would be helpful for Zabbix to support Google accounts where we enforce 2FA on all our users.

I think @Ric means, user auto registration (self registration) and sign ins to Zabbix web interface by OAuth 2.0 providers.
The best demo here http://play.grafana.org/login

2FA would be good option but as @Vadim wrote - it would be nice to be able login to zabbix with google account. My company works entirely on google apps so login with same credentials to zabbix would be straight forward.

Let me clarify things a bit:

2FA (Two-Factor Authentication) is a mechanism that uses two sources to authenticate a user, e.g. password + sms, password + google authenticator app code, password + e-mail code and so forth. This helps a lot with security and is often a must in an enterprise environment.

Google account log-in is an SSO (single sign-on) where you can use same account to access multiple systems at a time and I think we should keep tracking of SSO separately from 2FA, but would be great to integrate both. There are also many SSO providers available, e.g. GitHub, Facebook, OpenID.

Hello,
I am not a developer just a DevOps engineer but love Zabbix and enjoy using it. Our production instance badly needed 2FA for compliance reasons and since we use DUO as 2FA provider company wide for different applications I decided to try to implement it here too https://duo.com/docs/duoweb. Turns out it works nicely:
1. Administrator selects whether to use 2FA at all and which type (now only DUO implemented but I guess it is easy to add google, etc).
2. User logs in and if Zabbix' authentication is successful and the user does not exist at DUO yet he/she is provided with several on-screen steps to enroll his device/phone, after it is done every time the user logs in he/she is presented with a choice 'Send me a push', 'Call me' or 'Enter a passcode' and proceeds to Zabbix only after authenticated using one of these methods.
I'd posted some screenshots but don't know how to attach pictures here.

Bottom line I'd be happy to share my code for your review, would love to see this in Zabbix stable release so please let me know how to contribute (surprisingly I did not find any decent documentation about cloning, forking, pushing etc - GitHub's terminology).
In any case many thanks to Zabbix developers! Great job!

Hi Evgeny,

I am interested to see the code, looking for similar implementation. It will be helpful if you can share your code to [email protected].

Thanks

Hi Robert,

I don't see better way to share my code other than GitHub https://github.com/BGmot/zabbix

Cheers.

Thanks for the share

I would also like the ability to use OAuth2 self-registration.

2FA becomes more and more important for security.

Is it possible to merge GitHub https://github.com/BGmot/zabbix with the offical source?

Made an account specifically to vote on this request

I've also created an account so that I can vote for this feature.

I've implemented the BGmot "Duo" solution on Zabbix 5, which is really good.

Would be great if this could be merged with the official source.

IMHO must have for public available installations

Is´t possible to merge this solution - https://github.com/BGmot/zabbix/tree/release/6.4-bg/bg-scripts for 2FA with to official Zabbix source ?

Because after update / upgrade zabbix function 2FA is not available and we must to impletemented solution once more.

Thank´s.

can everyone vote again for ZBXNEXT-6876

so that this feat req doesn't stay at the bottom