Hello everyone,
I set up my homelab with my NAS. I’m using Cloudflare Tunnel for many web applications and Traefik for media intense applications like Plex that aren’t allowed with CF Tunnel.
I can use two factor authentication with Cloudflare and as I understand I could use Authelia or Authentik for Traefik.
But all of them have one problem, I cannot use them with the native apps on my Android phone. I know there are specific apps where I can put things in the header like LunaSea and Sonarr.
But I am really wondering, is there something that I could use with my android app and still provide 2FA to make my homelab more secure?
Thank you and best regards
Integrate an external authentication mechanism.
Something like JumpCloud (I’m using the free version for now). It offers up SAML that can be used in Cloudflare. You can use it as part of their Zero Trust section. You can set it up such that first a user must enter an email address. If that email address (or domain) isn’t allowed, no go. If it IS allowed, then they are redirected to JumpCloud for authentication/2FA. Only AFTER this are they then redirected to any hosting services.
This may be a little more than what you were asking, but it’s all web-based on the client side, so it would still work with your Android phone.
Otherwise, literally any 2FA app should work.
I think you missed their question. They want to use native client apps on their android device (think jellyfin client, for example) with 2FA. Continuing with this example, the jellyfin client doesn’t support OIDC, best you’ll get with external authentication is LDAP (which still uses a 3rd party LDAP plugin, and doesn’t support 2FA, but at least works on the client).
An external provider that supports SAML or OIDC or whatever won’t magically make the android client natively support that auth mechanism
Wow, yeah my bad.