| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| linux:nextcloud [2025/08/26 08:06] – [NextCloud] jansen | linux:nextcloud [2025/08/27 12:53] (current) – [App passwords] jansen |
|---|
| |
| Users will now see a button below the login form, labeled "STRW Identity provider". | Users will now see a button below the login form, labeled "STRW Identity provider". |
| If you are a new user, without an existing nextcloud account, click there, and you will be directed to the ''keycloak'' login window, and once authenticated, an account in nextcloud is made, connected to their strw account. Or, if you were already logged in (eg for webmail or intraneet), you will only see you are immediately logged in to your new nextcloud account. | If you are a **new user**, without an existing nextcloud account on our server, click there, and you will be directed to the ''keycloak'' login window, and once authenticated, an account in nextcloud is made, connected to the strw account. Or, if you were already logged in (eg for webmail or intraneet), you will only see you are immediately logged in to your new nextcloud account. |
| |
| __However__, for existing users who already have an account in nextcloud, this is not the right way, since the procedure outlined above creates a new user account. So, if an account already exists with your e-mail address, an error message will be shown, and the system will prevent you from accidentally creating a new account, overwriting your old one (and loosing any files). | __However__, for **existing users** who already have an account in nextcloud, this is not the right way, since the procedure outlined above creates a new user account. So, if an account already exists with your e-mail address, an error message will be shown, and the system will prevent you from accidentally creating a new account, overwriting your old one (and loosing any files). |
| |
| {{ :strw:nextcloud:nextcloud-sociallogin-usersettings.png?400|}} | {{ :linux:nextcloud-sociallogin-usersettings.png?400|}} |
| So, the correct way for existing users, is to login as usual without 2FA, and then go to your own profile menu, and open the settings page. In the "Social login" entry, the user can see the "STRW Identity provider" under "Available providers". Clicking that button will bring them to the keycloak login page, and once authenticated there, the existing account in nextcloud is connected to the strw account in keycloak. When the user already happens to be logged in through keycloak, they will immediately see the identity provider button here. | So, the correct way for existing users, is to login as usual without 2FA, and then go to your own profile menu, and open the settings page. In the "Social login" entry, the user can see the "STRW Identity provider" under "Available providers". Clicking that button will bring them to the keycloak login page, and once authenticated there, the existing account in nextcloud is connected to the strw account in keycloak. When the user already happens to be logged in through keycloak, they will immediately see the identity provider button here. |
| From then on, the user can use the "STRW Identity provider" button on the nextcloud login page to log in through keycloak (or be logged in immediately if already logged in to another keycloak-enabled site) | From then on, the user can use the "STRW Identity provider" button on the nextcloud login page to log in through keycloak (or be logged in immediately if already logged in to another keycloak-enabled site) |
| |
| We will give users sufficient time to do these setup steps before we disable the simple login without two-factor code. But the plan is, to allow only two-factor logins on the website some time next year (2026, to be announced). | We will give users sufficient time to do these setup steps before we disable the simple login without two-factor code. But the plan is, to allow only two-factor logins on the website some time next year (2026, to be announced). |
| | |
| | ===== App passwords ===== |
| | Since not all apps and file managers have a way to ask for the 2nd authentication factor, and since it is rather inconvenient to generate a 6-digit code every time you connect the app, Nextcloud supports "app passwords", which take the place of your actual password, but they only work for an app or program, and not for full access to the site. |
| | {{:linux:nextcloud-app-passwords-1.png?400 |}} |
| | To generate an app password, log in on the nextcloud site, click on your profile name or picture (top right corner, it will show your initials or a chosen picture). From the menu, select "personal settings" and then "security". |
| | There might be a short or long list of previous sessions; below that at the bottom of the page, is a field "App name" with a button "Create new app password" next to it. Simply type a name in the "App name" field and click the button. |
| | |
| | Now a window will pop up showing the generated password. Either type this into the password field of the app you are configuring (eg the Linux desktop "Online Accounts" preferences dialog), or press the button to display a QR code, which can be scanned into mobile apps, such as the Nextcloud app on Android or iOS. |
| | |
| | By the way, the "personal settings" menu also has an entry called "Mobile & desktop" which has the links to these mobile apps |
| ===== Enable NextCloud in a file manager ===== | ===== Enable NextCloud in a file manager ===== |
| |
| |
| {{ :linux:nextcloud-account-1.png?nolink&400 |}} | {{ :linux:nextcloud-account-1.png?nolink&400 |}} |
| | |
| | Alternatively, and probably better now that we are moving towards two-factor authentication for nextcloud, one can generate an "app password" from the web interface of nextcloud, and use that password here in stead of your actual password. |
| |
| |
