2-factor authentication


As more and more web services and applications are now supporting 2-factor authentication (MFA) via one-time passwords (OTP) and/or hardware tokens such as Yubikeys, security conscious users are asking about support for this in Request Tracker.

Is this a planned feature for RT core? Is an extension available adding this functionality?

I’m also interested to learn about how others have integrated their 2FA solution with RT.


We use multi factor authentication with RT, but it is provided by mod_shib in Apache to do Shibboleth single sign on with a shim on our IdP that links to Cisco Duo. Seems to work OK - been in use for several years now. You might want to see what options you have with web server authentication already.