Zimbra OSE is a complete email solution. It offers lots of customization compared to G Suit and M365. Still, it needs some attention from the system admins perspective to make it more secure. When we discuss security, we mostly misjudge it with user passwords. We think a strong password is all we need to secure our email service. But I guess we need a lot more than that.
This is a series of three articles that try to discuss the most requested features by Zimbra admins including:
- Backup and restore for Zimbra,
- Authentication methods for Zimbra,
- Cloud storage integration for Zimbra.
In this article, we will discuss various authentication methods of Zimbra. Some of them come with the paid edition of Zimbra, some come with third-party packages.
This authentication facility is not available in the Zimbra OSE but it can be added using Zextras Suite. It adds an additional physical layer of security to an email account. It enables the protected login for the email account owner.
In case of unavailability of the device, the end-user can use a one-time code to bypass the 2FA for that particular login attempt. With this feature, a system admin can ensure the smooth accessibility of an email account.
Some legacy apps are not compatible with 2FA. For them, there is a feature called App-specific code. It allows them to connect to the email account with making it vulnerable.
Zimbra supports Time-based one-time password authentication or TOTP that can be used by almost all mobile OS.
Customize Zimbra Open Relay Policy
In Zimbra OSE, we can modify the settings of the postfix configuration file to enforce a password-based authentication policy as per our requirement. Although it is quite simple to configure it only provides basic authentication.
On one hand, we have basic password-based authentication in Zimbra OSE in another hand this is considered the most rudimentary form of authentication.
But what if we could use the Zimbra OSE and also use the available authentication methods in a cost-effective manner. Here comes, the Zextras.
In these articles, I discuss that how we can use the Zextras suite to make our Zimbra OSE an enterprise-grade solution. And Zextras AUTH is one of the key features of this package.
Zextras Auth supports the following backends:
- Self service credentials management
- Mobile password management
- Application password
- Custom login page
- SAML integration
- 2FA Authentication using OTP token
- Credential Management by CLI
You can read more details in the reference links.
You may ignore it but you can not avoid it. Although authentication gets the least attention to the users and sometimes annoys the user a good system user knows its value and necessity.