Last updated on July 8, 2025
Nextcloud is an open-source content collaboration platform for creating and using file hosting services. It provides functionality similar to Dropbox, Office 365, or Google Drive when used with integrated office suites like Collabora Online or OnlyOffice. Nextcloud can be hosted in the cloud or on-premises, making it scalable from home office setups based on low-cost Raspberry Pi devices to full-sized data centers supporting millions of users1. Additionally, Nextcloud offers features such as granular permissions, local synchronization with Windows, macOS, Linux, and FreeBSD clients, and security options like multi-factor authentication.
Multi-Factor Authentication (MFA) for Nextcloud adds an extra layer of security to Nextcloud logins. Users must complete both primary (login/password) and secondary (Mobile Push) authentication. Even if a cybercriminal knows a user’s password, they won’t gain access without completing the second step.
Overview of MFA for Nextcloud
This documentation describes how to integrate Rublon MFA with Nextcloud using the LDAP(S) protocol to enable multi-factor authentication for Nextcloud logins.
Rublon MFA for Nextcloud integrates via the Rublon Authentication Proxy, supporting the LDAP protocol. It ensures that only authorized users proceed to the secondary authentication method, denying access to potential intruders.
Supported Authentication Methods
| Authentication Method | Supported | Comments |
| Mobile Push | ✔ | N/A |
| WebAuthn/U2F Security Key | – | N/A |
| Passcode | ✔ | N/A |
| SMS Passcode | – | N/A |
| SMS Link | ✔ | N/A |
| Phone Call | ✔ | N/A |
| QR Code | – | N/A |
| Email Link | ✔ | N/A |
| YubiKey OTP Security Key | ✔ | N/A |
Before You Start Configuring MFA for Nextcloud
Before configuring Rublon MFA for Nextcloud:
- Ensure you have prepared all required components.
- Create an application in the Rublon Admin Console.
- Install the Rublon Authenticator mobile app.
Required Components
1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeRADIUS.
2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already.
Warning
You need to install Rublon Authentication Proxy version 3.4.0 or higher for this integration to work properly!
3. Nextcloud Server – Properly configured.
Create an Application in the Rublon Admin Console
1. Sign up for the Rublon Admin Console. Here’s how.
2. In the Rublon Admin Console, go to the Applications tab and click Add Application.
3. Enter a name for your application (e.g., Nextcloud) and then set the type to Rublon Authentication Proxy.
4. Click Save to add the new application in the Rublon Admin Console.
5. Copy and save the values of the System Token and Secret Key. You are going to need these values later.
Install Rublon Authenticator
Some end-users will install the Rublon Authenticator mobile app. So, as a person configuring MFA for Nextcloud, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Nextcloud via Mobile Push.
Download the Rublon Authenticator for:
Configuring Multi-Factor Authentication (MFA) for Nextcloud
Adding LDAP App to Nextcloud
1. In the top-right corner, click your account’s avatar and select Apps.
2. In the left pane, select Your apps, scroll all the way down, and click Enable next to LDAP user and group backend.
Configuring LDAP
1. In the top-right corner, click your account’s avatar and select Administration settings.
2. In the pane on the left, navigate to the Administration section, and select LDAP/AD Integration.
3. Let’s start from the Server tab. This is the only mandatory tab. All other tabs can be skipped if you do not mind the default settings. Fill in the fields and click Continue. Refer to the following image and table.
| Server | The IP address or hostname of the Rublon Authentication Proxy LDAP Proxy server |
| Port | 389 for LDAP |
| User DN | The user from your AD/LDAP written in LDAP notation, e.g., cn=rublonadmin,ou=Rublon,dc=rublondemo,dc=local |
| Password | The password of the User DN user. |
| Base DN | In this section, you can enter the specific Distinguished Name (DN) for fetching users, such as dc=rublondemo,dc=local |
4. In the Users tab, the settings depend on your preferences and how your base LDAP is configured. The default settings should suffice. Click Continue to go to the next tab. In case you want to change the settings:
- Only these object classes: defines what object classes from LDAP should be taken into account when searching for users (person by default)
- Only from these groups: restricts access to users of the specified group or groups. However, you do not have to indicate any group in which case users from the entire domain or the Base DN will be taken into account.
- Note that the LDAP Filter listed below changes depending on the selected settings.
- You can verify the correctness of your settings using Verify settings and count users. After clicking this button, the number of detected users should appear next to it.
5. In the Login Attributes tab, the settings depend on your preferences and how your base LDAP is configured. The default LDAP/AD Username setting should suffice. Click Continue to go to the next tab. Optionally, you can click Verify settings to check if your settings are correct.
6. In the Groups tab, the settings depend on your preferences and how your base LDAP is configured. The default settings should suffice.
7. Your LDAP configuration is complete. You can now test your setup.
Testing Multi-Factor Authentication (MFA) for Nextcloud
This example portrays logging in to Nextcloud via the Nextcloud subdomain login page, e.g. https://nextcloud.example.co/. Mobile Push has been set as the second factor in Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).
1. Go to your Nextcloud subdomain login page.
2. Enter your login and password.
3. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.
4. You will gain access.
Troubleshooting of MFA for Nextcloud using LDAP
If you encounter any issues with your Rublon integration, please contact Rublon Support.
