Platform security - Fluid Topics - 5.1

What's New in Fluid Topics v5.1
Audience
public
Version
Latest

We have introduced several important enhancements to ensure a more secure and compliant environment:

  • Enforced Multi-Factor Authentication (MFA) using Time-Based One-Time Passwords (TOTP) for added account protection.

  • TLS update

  • Support for Mutual TLS (mTLS) to authenticate both client and server, strengthening secure communication.

  • Direct Certificate Registration within the interface for streamlined management.

  • Implementation of Strict Dynamic Content Security Policy (CSP) to further secure content delivery.

MFA adds an extra layer of protection with a simple setup, and will become mandatory after a grace period, reducing unauthorized access risks. mTLS ensures secure communication by verifying identities on both sides.

For more details on enabling these features, or for any questions, please refer to the MFA documentation or the security documentation for information on trusted origins and certificates.

Interface for configuring Multi-factor Authentication (MFA) in its alpha version. MFA is set to support time-based one-time passwords through authenticator apps, with documentation available. A toggle labeled 'Activate MFA for all realm users' is marked as recommended. Below, the 'Grace period' section allows users to skip MFA setup for a set time, starting from their next login. The grace period is currently set to '7' days, with an informational note explaining its function.

Setup screen for Multi-factor Authentication (MFA) requiring users to secure their accounts. A notification states 7 days remain to set up MFA. Steps include downloading an authenticator app for time-based one-time passwords, scanning a QR code (blurred) or entering a displayed code manually, and entering a verification code generated by the app. Options at the bottom allow users to 'Skip for now' or 'Enable MFA'.