Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
2fa [2020_08_20 13:02] – dan | 2fa [2024_02_28 01:03] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ======Two-Factor Authentication (2FA)====== | + | # Two-Factor Authentication (2FA) |
- | ==last updated on: Aug. 20, 2020== | + | #### last updated on: Feb 14, 2023 |
- | The Enterprise File Fabric | + | Access Anywhere Server |
- | 2FA is a security process in which the user provides two different authentication factors to verify themselves to better protect | + | 2FA is an additional |
- | If 2FA is turned then users first login with their password before and are then issued a secondary authentication challenge. | + | Note that 2FA is set at an account level so can be used to protect storage resources that do not support 2FA by default. |
- | Two Factor Authentication | + | 2FA can be configured |
- | {{ : | ||
- | The File Fabric supports three types of 2FA. Select the type you want to use from the pulldown menu: | + | ### External Users |
+ | |||
+ | Setting 2FA for an organization doesn' | ||
+ | |||
+ | |||
+ | ===== Organization Level Setup ===== | ||
+ | |||
+ | Two Factor Authentication can be turned on for all of a organization' | ||
+ | |||
+ | {{ :: | ||
+ | |||
+ | The protocol adapters [[clouddav|]] and [[cloudftp|]] do not support 2FA. You can optionally disable them from this page for further security. (For this option to be visible the Feature "2FA for API" must be enabled for the User Package.) | ||
+ | |||
+ | Three types of 2FA are supported. Select the type you want to use from the pulldown menu: | ||
{{ :: | {{ :: | ||
- | ===Email=== | ||
- | On each login attempt the user will be have to enter a timed one-time password. | ||
- | ===Phrase=== | ||
- | On each login attempt the user will be challenged to enter a phrase that he has associated with his account for this purpose. | ||
- | If you have selected the " | + | ====Email==== |
- | Other members of the org. will be prompted | + | ===How it Works=== |
- | ===Authenticator App (TOTP)=== | + | |
+ | On each login attempt | ||
+ | {{ : | ||
+ | The password | ||
+ | |||
+ | ===Set-Up=== | ||
+ | |||
+ | The only set-up required is selecting this choice and saving | ||
+ | |||
+ | ====Phrase==== | ||
+ | ===How it Works=== | ||
+ | When each user logs in for the first time after phrase based 2FA has been enabled, | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | On each subsequent login attempt the user will be challenged to enter the phrase: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | If an org. member forgets his phrase then he will no longer be able to log in to his account until the org. admin intervenes. | ||
+ | |||
+ | ===Set-Up=== | ||
+ | |||
+ | As the org. admin you can both turn on phrase based 2FA for the org. and set up the phrase for your account. | ||
+ | |||
+ | ====Authenticator App (TOTP)==== | ||
+ | ===How it Works=== | ||
On each login attempt the user will be have to enter a timed one-time password (TOTP) that has been generated by an app such as Google Authenticator on her phone. | On each login attempt the user will be have to enter a timed one-time password (TOTP) that has been generated by an app such as Google Authenticator on her phone. | ||
- | If you have selected " | ||
- | scan with an authentication application the QR code that appeared on the Security web page or make note of the | ||
+ | {{ : | ||
+ | ===Set-Up=== | ||
+ | |||
+ | If the org. admin selects " | ||
+ | account will appear on the Security web page: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | The QR code and the secret string are functionally equivalent. | ||
+ | |||
+ | On each user's first login after TOTP 2FA has been turned on, each user will have to download or save their own individual QR code or secret. | ||
+ | |||
+ | Android / iOS Apps that support TOTP include Google Authenticator, | ||
+ | |||
+ | =====Individual User Setup===== | ||
+ | If 2FA has not been activated for the organization then each user has the option of setting up 2FA for his/her own account. | ||
+ | {{ :: | ||
+ | The choices, setup and use are the same as those described in the previous section. | ||
- | The steps required to coOnce turned on users will have to login as normal and will then receive the second challenge. This will work from web, desktop and mobile apps. |