Enable Multi-Factor Authentication

This topic describes how to enable multi-factor authentication for users.

Before you begin

Install the Google Authenticator app on your mobile device.

About this task

Only administrators can enable multi-factor authentication (MFA) for users.
Note: Enabling MFA also enables two-factor authentication for UAA and LDAP users as both the identity providers have a common login entry point.

Procedure

  1. Log in to Configuration Hub as an administrator.
  2. Go to Proficy Authentication > Security > Identity Provider.
    The existing list of identity providers appear.
  3. Select the UAA record for which you want to enable the multi-factor authentication.
    The option to enable MFA appears on the DETAILS panel under the MFA section.
  4. Enable the toggle switch for MFA.
    By default, MFA is disabled.
    The multi-factor authentication for UAA is enabled.
  5. Select Authenticator.
    Currently, Google authenticator is the only available authenticator.
  6. Restart the GE Proficy Authentication Tomcat Web Server service.
  7. Activate multi-factor authentication for user logins.
    You need to perform the following steps only for the first time for every user login.
    1. Log in to Configuration Hub with UAA user credentials.
      The MFA setup screen appears with a barcode.
    2. Open the Google Authenticator app on your mobile device and scan the barcode.
      The authentication app validates the user login and displays a 6-digit code. Barcode scanning appears only for the first time validation for every user login.
    3. On your browser, select Next on the MFA setup screen.
      The code verification screen appears.
    4. Enter the 6-digit code in the passcode field and select Verify
      You are logged in successfully.

Results

Multi-factor authentication is enabled for both UAA and LDAP users.