Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-27 18:12:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

update MFA docs

Browse Source
This commit is contained in:
JYC333 2025-05-16 10:41:32 +08:00
parent a7cb2c0c23
commit d95a313dad
3 changed files with 48 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html generated
View File

@ -1,5 +1,3 @@
<p><strong>Note: This feature has not been merged yet, so it is not available.</strong>
</p>
<p>Multi-factor authentication (MFA) is a security process that requires <p>Multi-factor authentication (MFA) is a security process that requires
users to provide two or more verification factors to gain access to a system, users to provide two or more verification factors to gain access to a system,
application, or account. This adds an extra layer of protection beyond application, or account. This adds an extra layer of protection beyond
@ -7,7 +5,8 @@
<p>By requiring more than one verification method, MFA helps reduce the risk <p>By requiring more than one verification method, MFA helps reduce the risk
of unauthorized access, even if someone has obtained your password. Its of unauthorized access, even if someone has obtained your password. Its
highly recommended for securing sensitive information stored in your notes.</p> highly recommended for securing sensitive information stored in your notes.</p>
<p>Warning! OpenID and TOTP cannot be both used at the same time!</p> <p><strong>Warning</strong>: OpenID and TOTP cannot be both used at the same
time!</p>
<h2>Log in with your Google Account with OpenID!</h2> <h2>Log in with your Google Account with OpenID!</h2>
<p>OpenID is a standardized way to let you log into websites using an account <p>OpenID is a standardized way to let you log into websites using an account
from another service, like Google, to verify your identity.</p> from another service, like Google, to verify your identity.</p>
@ -17,48 +16,21 @@
every 30 seconds. You use this code, along with your password, to log into every 30 seconds. You use this code, along with your password, to log into
your account, making it much harder for anyone else to access them.</p> your account, making it much harder for anyone else to access them.</p>
<h2>Setup</h2> <h2>Setup</h2>
<p>MFA can only setup on server instance.</p>
<h3>TOTP</h3> <h3>TOTP</h3>
<ol> <ol>
<li> <li>Go to "Menu" -&gt; "Options" -&gt; "MFA"</li>
<p>Start Trilium Notes normally.</p> <li>Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
</li> <li>Choose “Time-Based One-Time Password (TOTP)” under MFA Method</li>
<li> <li>Click the "Generate TOTP Secret" button</li>
<p>Go to "Menu" -&gt; "Options" -&gt; "MFA"</p> <li>Copy the generated secret to your authentication app/extension</li>
</li> <li>Click the "Generate Recovery Codes" button</li>
<li> <li>Save the recovery codes. Recovery codes can be used once in place of the
<p>Click the "Generate TOTP Secret" button</p> TOTP if you loose access to your authenticator. After a rerecovery code
</li> is used, it will show the unix timestamp when it was used in the MFA options
<li> tab.</li>
<p>Copy the generated secret to your authentication app/extension</p> <li>Re-login will be required after TOTP setup is finished (After you refreshing
</li> the page).</li>
<li>
<p>Set an environment variable "TOTP_SECRET" as the generated secret. Environment
variables can be set with a .env file in the root directory, by defining
them in the command line, or with a docker container.</p><pre><code class="language-text-x-trilium-auto"># .env in the project root directory
TOTP_ENABLED="true"
TOTP_SECRET="secret"</code></pre><pre><code class="language-text-x-trilium-auto"># Terminal/CLI
export TOTP_ENABLED="true"
export TOTP_SECRET="secret"</code></pre><pre><code class="language-text-x-trilium-auto"># Docker
docker run -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e TOTP_ENABLED="true" -e TOTP_SECRET="secret" triliumnext/notes:[VERSION]</code></pre>
</li>
<li>
<p>Restart Trilium</p>
</li>
<li>
<p>Go to "Options" -&gt; "MFA"</p>
</li>
<li>
<p>Click the "Generate Recovery Codes" button</p>
</li>
<li>
<p>Save the recovery codes. Recovery codes can be used once in place of the
TOTP if you loose access to your authenticator. After a rerecovery code
is used, it will show the unix timestamp when it was used in the MFA options
tab.</p>
</li>
<li>
<p>Load the secret into an authentication app like google authenticator</p>
</li>
</ol> </ol>
<h3>OpenID</h3> <h3>OpenID</h3>
<p><em>Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added.</em> <p><em>Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added.</em>
@ -66,21 +38,17 @@ docker run -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e TOTP_ENABLE
<p>In order to setup OpenID, you will need to setup a authentication provider. <p>In order to setup OpenID, you will need to setup a authentication provider.
This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to
setup an OpenID service through google.</p> setup an OpenID service through google.</p>
<p>Set an environment variable "SSO_ENABLED" to true and add the client ID <ol>
and secret you obtained from google. Environment variables can be set with <li>Set the <code>oauthBaseUrl</code>, <code>oauthClientId</code> and <code>oauthClientSecret</code> in
a .env file in the root directory, by defining them in the command line, the <code>config.ini</code> file, which located under the Trilium data folder.
or with a docker container.</p> <ol>
<h4>.env File</h4><pre><code class="language-text-x-trilium-auto"># .env in the project root directory <li>You can also setup through environment variables (<code>TRILIUM_OAUTH_BASE_URL</code>, <code>TRILIUM_OAUTH_CLIENT_ID</code> and <code>TRILIUM_OAUTH_CLIENT_SECRET</code>),
SSO_ENABLED="true" but the recommanded way is setup through <code>config.ini</code> file.</li>
BASE_URL="http://localhost:8080" </ol>
CLIENT_ID= </li>
SECRET=</code></pre> <li>Restart the server</li>
<h4>Environment variable (linux)</h4><pre><code class="language-text-x-trilium-auto">export SSO_ENABLED="true" <li>Go to "Menu" -&gt; "Options" -&gt; "MFA"</li>
export BASE_URL="http://localhost:8080" <li>Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
export CLIENT_ID= <li>Choose “OAuth/OpenID” under MFA Method</li>
export SECRET=</code></pre> <li>Refresh the page and login through OpenID provider</li>
<h4>Docker</h4><pre><code class="language-text-x-trilium-auto">docker run -d -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e SSO_ENABLED="true" -e BASE_URL="http://localhost:8080" -e CLIENT_ID= -e SECRET= triliumnext/notes:[VERSION]</code></pre> </ol>
<p>After you restart Trilium Notes, you will be redirected to Google's account
selection page. Login to an account and Trilium Next will bind to that
account, allowing you to login with it.</p>
<p>You can now login using your google account.</p>

2
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Note Types/Code.html generated
View File

@ -40,7 +40,7 @@
<h2>Color schemes</h2> <h2>Color schemes</h2>
<p>Since Trilium 0.94.0 the colors of code notes can be customized by going&nbsp; <p>Since Trilium 0.94.0 the colors of code notes can be customized by going&nbsp;
<a <a
class="reference-link" href="#root/pOsGYCXsbNQG/gh7bpGYxajRS/Vc8PjrjAGuOp/_help_4TIF1oA4VQRO">Options</a>&nbsp;→ Code Notes and looking for the <em>Appearance</em> section.</p> class="reference-link" href="#root/_help_4TIF1oA4VQRO">Options</a>&nbsp;→ Code Notes and looking for the <em>Appearance</em> section.</p>
<aside <aside
class="admonition note"> class="admonition note">
<p><strong>Why are there only a few themes whereas the code block themes for text notes have a lot?</strong> <p><strong>Why are there only a few themes whereas the code block themes for text notes have a lot?</strong>

78
docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md
View File

@ -1,11 +1,9 @@
# Multi-Factor Authentication # Multi-Factor Authentication
**Note: This feature has not been merged yet, so it is not available.**
Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system, application, or account. This adds an extra layer of protection beyond just using a password. Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system, application, or account. This adds an extra layer of protection beyond just using a password.
By requiring more than one verification method, MFA helps reduce the risk of unauthorized access, even if someone has obtained your password. Its highly recommended for securing sensitive information stored in your notes. By requiring more than one verification method, MFA helps reduce the risk of unauthorized access, even if someone has obtained your password. Its highly recommended for securing sensitive information stored in your notes.
Warning! OpenID and TOTP cannot be both used at the same time! **Warning**: OpenID and TOTP cannot be both used at the same time!
## Log in with your Google Account with OpenID! ## Log in with your Google Account with OpenID!
@ -17,35 +15,18 @@ TOTP (Time-Based One-Time Password) is a security feature that generates a uniqu
## Setup ## Setup
MFA can only setup on server instance.
### TOTP ### TOTP
1. Start Trilium Notes normally. 1. Go to "Menu" -> "Options" -> "MFA"
2. Go to "Menu" -> "Options" -> "MFA" 2. Click the “Enable Multi-Factor Authentication” checkbox if not checked
3. Click the "Generate TOTP Secret" button 3. Choose “Time-Based One-Time Password (TOTP)” under MFA Method
4. Copy the generated secret to your authentication app/extension 4. Click the "Generate TOTP Secret" button
5. Set an environment variable "TOTP\_SECRET" as the generated secret. Environment variables can be set with a .env file in the root directory, by defining them in the command line, or with a docker container. 5. Copy the generated secret to your authentication app/extension
6. Click the "Generate Recovery Codes" button
``` 7. Save the recovery codes. Recovery codes can be used once in place of the TOTP if you loose access to your authenticator. After a rerecovery code is used, it will show the unix timestamp when it was used in the MFA options tab.
# .env in the project root directory 8. Re-login will be required after TOTP setup is finished (After you refreshing the page).
TOTP_ENABLED="true"
TOTP_SECRET="secret"
```
```
# Terminal/CLI
export TOTP_ENABLED="true"
export TOTP_SECRET="secret"
```
```
# Docker
docker run -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e TOTP_ENABLED="true" -e TOTP_SECRET="secret" triliumnext/notes:[VERSION]
```
6. Restart Trilium
7. Go to "Options" -> "MFA"
8. Click the "Generate Recovery Codes" button
9. Save the recovery codes. Recovery codes can be used once in place of the TOTP if you loose access to your authenticator. After a rerecovery code is used, it will show the unix timestamp when it was used in the MFA options tab.
10. Load the secret into an authentication app like google authenticator
### OpenID ### OpenID
@ -53,33 +34,10 @@ _Currently only compatible with Google. Other services like Authentik and Auth0
In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google. In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google.
Set an environment variable "SSO\_ENABLED" to true and add the client ID and secret you obtained from google. Environment variables can be set with a .env file in the root directory, by defining them in the command line, or with a docker container. 1. Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file, which located under the Trilium data folder.
1. You can also setup through environment variables (`TRILIUM_OAUTH_BASE_URL`, `TRILIUM_OAUTH_CLIENT_ID` and `TRILIUM_OAUTH_CLIENT_SECRET`), but the recommanded way is setup through `config.ini` file.
#### .env File 2. Restart the server
3. Go to "Menu" -> "Options" -> "MFA"
``` 4. Click the “Enable Multi-Factor Authentication” checkbox if not checked
# .env in the project root directory 5. Choose “OAuth/OpenID” under MFA Method
SSO_ENABLED="true" 6. Refresh the page and login through OpenID provider
BASE_URL="http://localhost:8080"
CLIENT_ID=
SECRET=
```
#### Environment variable (linux)
```
export SSO_ENABLED="true"
export BASE_URL="http://localhost:8080"
export CLIENT_ID=
export SECRET=
```
#### Docker
```
docker run -d -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e SSO_ENABLED="true" -e BASE_URL="http://localhost:8080" -e CLIENT_ID= -e SECRET= triliumnext/notes:[VERSION]
```
After you restart Trilium Notes, you will be redirected to Google's account selection page. Login to an account and Trilium Next will bind to that account, allowing you to login with it.
You can now login using your google account.