Best Authentication Methods for Zimbra – System Administrators’ Most Requested Features | Zimbra

Alert! This article is written for Zimbra OSE users. As of December 2023, Synacor will no longer be providing support for Zimbra OSE. You might want to consider trying out Carbonio Community Edition – Zextras’s free and open-source email and collaboration platform.


Zimbra OSE is a complete email solution. It offers a lot of customization compared to G Suite and M365. Still, it needs some attention from the system admin's perspective to make it more secure. When we discuss security, we often equate it with user passwords and assume a strong password is all we need to secure our email service. We need a lot more than that.

This is a series of three articles discussing the features most requested by Zimbra admins, including:

  • Backup and restore for Zimbra,
  • Authentication methods for Zimbra,
  • Cloud storage integration for Zimbra.

In this article, we will discuss various authentication methods of Zimbra. Some of them come with the paid edition of Zimbra, some come with third-party packages.

Two-factor Authentication:

This authentication facility is not available in Zimbra OSE, but it can be added using Zextras Suite. It adds an additional physical layer of security to an email account and gives the account owner a protected login.

If the device is unavailable, the end user can use a one-time code to bypass 2FA for that particular login attempt. With this feature, a system admin can ensure that an email account stays accessible.

Some legacy apps are not compatible with 2FA. For them, there is a feature called App-specific code. It allows them to connect to the email account without making it vulnerable.

Zimbra supports time-based one-time password (TOTP) authentication, which can be used on almost all mobile operating systems.

Customize Zimbra Open Relay Policy

In Zimbra OSE, we can modify the settings of the Postfix configuration file to enforce a password-based authentication policy as per our requirement. Although it is quite simple to configure, it only provides basic authentication.

Zextras AUTH

On the one hand, Zimbra OSE gives us basic password-based authentication; on the other hand, this is considered the most rudimentary form of authentication.

But what if we could use Zimbra OSE and also use the available authentication methods in a cost-effective manner? Here comes Zextras.

In these articles, I discuss how we can use the Zextras Suite to make our Zimbra OSE an enterprise-grade solution. Zextras AUTH is one of the key features of this package.

Zextras Auth supports the following backends:

  • Self service credentials management
  • Mobile password management
  • Application password
  • Custom login page
  • SAML integration
  • 2FA Authentication using OTP token
  • Credential Management by CLI

You can read more details in the reference links.

You may ignore it, but you cannot avoid it. Although authentication gets the least attention from users and sometimes annoys them, a good system user knows its value and necessity.

Reference links:

  1. https://www.zimbra.com/business-email-collaboration/secure-email-features/two-factor-authentication/
  2. https://docs.zextras.com/zextras-suite-documentation/latest/auth.html
  3. https://community.zextras.com/improve-the-security-using-zextras-2fa/