Instructions to configure a Linux user account with idQ Enterprise as a second authentication factor.

These instructions require the following:

  • that both a SSH compatible terminal application and the idQ PAM for Ubuntu connector installed on the Ubuntu Linux server
  • ability to log into the Ubuntu Linux server with an account that has admin privileges

There are two options to configure Linux users to use two factor authentication (2FA) with idQ Enterprise being the second authentication factor:

  1. 2FA with username/password as the first authentication factor, and idQ push notification as the second authentication factor
  2. 2FA with RSA as the first authentication factor, and idQ push notification as the second authentication factor

It is highly recommended that at least 1 user be able to login directly to the Ubuntu console with a username and password (i.e. NOT using idQ Enterprise as the second authentication factor). In the event that Internet access is unavailable, the user should be able to login directly to the Ubuntu console with a username and password.

User Account to use 2FA with Username/Password & idQ Enterprise Push Notification 

  1. Ensure user is configured to use SSH client to log in to remote Linux server using username/password authentication
  2. Assign user to pam_idq group to set up idQ Enterprise push notification as the second authentication factor
           $sudo usermod -a -G pam_idq <username>

User Account to use 2FA with RSA & idQ Enterprise Push Notification

  1. Ensure user is configured to use SSH client to log in to remote Linux server using private key certification authentication
  2. Assign user to pam_idq & pam_idqrsa groups to set up idQ Enterprise push notification as the second authentication factor
           $sudo usermod -a -G pam_idq,pam_idqrsa <username>



  • No labels