Enabling Two-factor authentication

Administrators can enable two-factor authentication (2FA) for users logging in to the Control Room. 2FA provides a layered defense against any unauthorized users from accessing the database.

Two-factor authentication, a subset of multi-factor authentication (MFA), provides an additional security layer that is applied at the role level for users in the Control Room. It can be set for all users or for users with specific roles.

Two-factor authentication is disabled by default.

When users are assigned a role that requires 2FA, they must set up an Authenticator application on their mobile devices and establish a connection between that application and Control Room. On subsequent logins, users are prompted to enter a time-based one-time password (OTP) from the authenticator to complete the Control Room login.

Two-factor authentication is supported only in Active Directory and non-Active Directory user environments; it is not supported for an SSO environment.

Procedure

  1. Navigate to Administration > Settings > Two Factor Authentication.
  2. Click Edit.
  3. Select the Enabled check box.
  4. Optional: Use the Maximum Tokens Per User drop-down list to set a limit on the user tokens.
  5. Click Save changes.