Note on authentication before activation/migration

The self-service can be made available without prior form-based authentication for requests with HTTP Basic Auth headers. This makes sense in scenarios where the self-service is used internally to enable Matrix Card tokens (for later use from external networks). To enable this, set the property Migration Via Basic Auth to true.

Note that this implies the following:

  • HTTP Basic Auth headers are required in the request.
  • Username and password need to be sufficient for authentication prior to Matrix Card token activation
  • The main authenticator (before activating the Matrix Card token) needs to accept username and password (and no other token)

Enabling the feature Migration Via Basic Auth means, that users are only authenticated with username and password to activate the Matrix Card token.

It is not a good idea to register a second factor (the Matrix Card) given only weak authentication (username and password). Therefore the feature should only be used in suitable scenario as the one described above (token activation from internal network to enable strong authentication for later use from external network).