With recent data breaches in our industry, I need to urgently secure Mautic.
Mautic as it stands does not comply with any cybersecurity insurance policies.
What options do we have within Mautic to limit brute force attacks and broadly speaking implement a 2FA login process?
Be very happy with something basic such as an email/SMS code,
followed up by social only login and lately an authenticator such as Google Authenticator.
Google authenticators being powerful but a big user barrier, and a lot of config / user support.
Only protection I have is the firewall/Cloudflare and users being smart about their passwords.
LastPass breach has all but made the smart passwords rule reliable.
As far as I know there is no reliable solution / plugin.
I would chip in if you come up with something.
The Google Authenticator plugin no longer works, although it was fine for years.
Have you successfully played with the SAML SSO?
Haven’t found the best documentation online for this.
Got Keycloak up and running.
The SAML docs are rather thin though.
Stuck on generating the XML meta file as my Mautic nginx setup keeps redirecting to the dashboard.
Can’t find any tutorials or examples of what this metadata.xml is meant to look like for manual config.
No, I just wanted to do 2FA as step 1.