This article will provide steps on how to setup 2Factor Authentication for your SMA, How to reset the token for a user and how to set a transition window for a multi ORG SMA and other scenarios.
When enabling 2FA, you have a couple options as to who (all users or some users) will be asked for the verification code and where (admin portal or user portal), users will be given instructions to install the Google Authenticator to generate the needed codes to log in. Note that other Authenticator apps may work, but Google is the only one tested by the QA department.
2FA on an Org Enable appliance
To enable 2FA only for SELECTED System users
Note: Repeat steps 6 and 8 until all required users have the option enabled – if the option on the user is not selected, 2FA will not be requested when the user logs in to the system portal
To enable 2FA for ALL system users
Note: 2FA will be required for ALL users trying to log in to the system portal
To enable 2FA for ALL admin portal users on ALL orgs
Note: 2FA will be required for ALL users trying to log in to the admin portal on all orgs
To enable 2FA on ALL org admin portal, but org admin chooses if All or SELCTED users require it
Once the option “Defined by Organization” is selected, you will need to set if all users or a selected group of users will require the 2fa to log in to the admin portal.
For Selected users that log in to the admin portal:
Note: repeat steps 3 to 5 until all the desired users have been selected.
For all users that log in to the admin portal:
Note: all admin portal users for this org will now be required to use 2fa to log in.
To enable 2FA on ALL org User Portal, but org admin chooses if All or SELCTED users require it
Once the option “Defined by Organization” is selected, you will need to set if all users or a selected group of users will require the 2fa to log in to the user portal.
For Selected users that log in to the user portal:
Note: repeat steps 3 to 5 until all the desired users have been selected.
For all users that log in to the user portal:
Note: all user portal users for this org will now be required to use 2fa to log in.
Setting Transition Window
You can also set up a transition window, Users will have this amount of time to configure and verify two-factor authentication before they will no longer be able to login. User will be able to log in during this time and skip the configuration of the Google authenticator.
To set up the transition window:
Note: the transition window on a multi org appliance will be set globally on the system portal.
Reset Token
If a user did not set up his google authenticator to log in with 2FA or the user misplaced or lost his google authenticator, you can reset the token for this user so they can once again log back in and configure the google authenticator once more.
To reset the token to system portal users:
To reset the token to system admin or user portal users:
Note: once the token resets, the user is presented with the option to configure the google authenticator and will have the option to skip the configuration as stated on the Transition window timeframe.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center