Last updated on July 8, 2025
Multi-Factor Authentication (MFA) for Roundcube is a multi-layered approach to authentication that requires users to complete an extra authentication method before accessing their Roundcube account. Thanks to Roundcube MFA, even if hackers compromise your password, they still cannot access your account.
Overview
This document explains how to enable Rublon Multi-Factor Authentication (MFA) for users who log in to Roundcube. Rublon integrates with Roundcube using a dedicated connector. This document describes all required installation and configuration steps.
The Rublon MFA for Roundcube connector enables Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA) during Roundcube user logins. After a user enters the correct username and password, the connector prompts the user to complete an additional authentication method. If the user cannot complete the extra security step, the connector denies access, thwarting a potential hacker from gaining access to the account.
Supported Authentication Methods
| Authentication Method | Supported | Comments |
| Mobile Push | ✔ | N/A |
| WebAuthn/U2F Security Key | ✔ | N/A |
| Passcode | ✔ | N/A |
| SMS Passcode | ✔ | N/A |
| SMS Link | ✔ | N/A |
| Phone Call | ✔ | N/A |
| QR Code | ✔ | N/A |
| Email Link | – | N/A |
| YubiKey OTP Security Key | ✔ | N/A |
Before You Start
Before configuring Rublon MFA for Roundcube:
- Create an application in the Rublon Admin Console.
- Install the Rublon Authenticator mobile app.
Create an Application in the Rublon Admin Console
1. Sign up for the Rublon Admin Console. Here’s how.
2. In the Rublon Admin Console, go to the Applications tab and click Add Application.
3. Enter a name for your application and then set the type to Custom integration using PHP SDK.
4. Click Save to add the new application in the Rublon Admin Console.
5. Copy and save the values of the System Token and Secret Key. You are going to need these values later.
Install Rublon Authenticator
For increased security of Multi-Factor Authentication (MFA), end-users should install the Rublon Authenticator mobile app.
Download the Rublon Authenticator for:
Installing Roundcube MFA
1. Download the Rublon MFA for Roundcube plugin (Code → Download ZIP) and extract it in Roundcube’s plugins directory so that a subdirectory plugins/rublon is created.
2. Open the config/config.inc.php file and find the $config[‘plugins’] array.
3. Add ‘rublon’ to the $config[‘plugins’] array.
For example, to enable plugins named rublon and archive, config/config.inc.php should contain this line:
$config['plugins'] = array('archive', 'rublon');
4. Run composer require rublon/rublon-sdk-php in the root directory of your Roundcube installation.
Configuring Roundcube MFA
1. Inside the plugins/rublon directory, change the name of the file config.inc.php.dist to config.inc.php. Then, open the file and change the following values:
| $config[‘client’] | Enter the System Token of the Custom integration using PHP SDK application you copied from the Rublon Admin Console. |
| $config[‘secret’] | Enter the Secret Key of the Custom integration using PHP SDK application you copied from the Rublon Admin Console. |
| $config[‘rublonApi’] | Enter the Rublon API Server URI. Default: https://core.rublon.net |
| $config[‘rcubeUrl’] | An URL address for your application, e.g., www.yourround.cube This value is optional. When not set, Rublon takes the URL from $_SERVER. |
2. Open the config/defaults.inc.php file and change session storage to php:
$config['session_storage'] = 'php';
Testing MFA for Roundcube
1. Enter your Roundcube login and password and click Login.
2. A window will appear with various MFA options from Rublon. Let’s choose Mobile Push.
3. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.
4. You will be successfully logged in to Roundcube.
Troubleshooting
If you encounter any issues with your Rublon integration, please contact Rublon Support.
