Authenticate using two-factor authentication

Two-factor authentication (2FA) is a subset of multi-factor authentication (MFA). It provides an additional security layer that Automation Anywhere applies at the role level for users.

Prerequisites

  • Valid username, password, and mfaCode for your Control Room.
  • REST client or access to Automation Anywhere Swagger for your Control Room.
Note:
  • The mfaCode is a Time-based One-Time Password (TOTP). Users need a 2FA code generator to create one-time codes or tokens.
  • We recommend that you either disable 2FA in a role or create a separate role that does not use 2FA for use in scripts or other programmatic environments. Use username and apiKey to authenticate when making API requests programmatically. To improve security, avoid using passwords in plain-text format.

  • URL: http://<your_control_room_url>/v1/authentication
  • Method: POST

Two-factor authentication is supported only in Active Directory and non-Active Directory user environments; it is not supported in an SSO environment.

Procedure

  1. Enter the following parameters in the request body.
    Request body:
    {
      "username": "docs-2fa-vm3",
      "password": "mypassword@123",
      "mfaCode": 879179
    }
  2. Send the request.
    • In a REST Client, click SEND.
    • In the Swagger interface, click Execute.
    Response body:
    Note: The JWT is a 703-character string.
    {
      "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI3IiwiY2xpZW50VHlwZSI6IldFQiIsImxpY2Vuc2VzIjpbIkRFVkVMT1BNRU5UIl0sImFuYWx5dGljc0xpY2Vuc2VzUHVyY2hhc2VkIjp7IkFuYWx5dGljc0NsaWVudCI6dHJ1ZSwiQW5hbHl0aWNzQVBJIjp0cnVlfSwiaWF0IjoxNTc1NTY4MzU5LCJleHAiOjE1NzU1Njk1NTksImlzcyI6IkF1dG9tYXRpb25Bbnl3aGVyZSIsIm5hbm9UaW1lIjo3NDYzMjI1Njc3MDE2MywiY3NyZlRva2VuIjoiMmY1ODZjYzFkNGNkM2RjOTBhNWI1MWMwOTZlMmZmOTAifQ.juAhCYWz_mzAt_6WH5fTg3XzvmPWIM4LRTBDmh6_S7FRqfTBUWwquygNDek6EqLfXlvfaDp-3A5m0uYr7pJMdAjnYFMt29BSQTDtvb3ArqfVFQWvFB7a55N1zl_IvW-1TnfPxrGKqmK5tA2M4LKsaJ7EewBGWPEJAYKSlBgeo6-jtsioP6bOvFsSKLzn0CaFeFZ4lQthrKNH5YdlwuOs01p1yOxuHUVzmOqYw8UeyOChh6A-fZjF2586ynLV4H-VFLK3YtxYRm1cwMi-d6RN3EHpu65Cqo0hBmTv0yF3p7edG3SmS9C1AZMk2Q3cksAcPzgoFKNvQ4tBUC2Mqd1kjQ",
      "user": {
        "id": 7,
        "email": "myemail@mycompany.com",
        "username": "docs-2fa-vm3",
        "domain": null,
        "firstName": "",
        "lastName": "",
        "version": 3,
        "principalId": 7,
        "deleted": false,
        "roles": [
          {
            "name": "APIKeyGenerator",
            "id": 18,
            "version": 0
          },
          {
            "name": "AAE_Meta Bot Designer",
            "id": 13,
            "version": 0
          },
          {
            "name": "docs-2fa-role",
            "id": 17,
            "version": 0
          }
        ],
        "sysAssignedRoles": [],
        "groupNames": [],
        "permissions": [
          {
            "id": 97,
            "action": "viewbotstore",
            "resourceId": null,
            "resourceType": "botstore"
          },
          {
            "id": 58,
            "action": "myschedule",
            "resourceId": null,
            "resourceType": "taskscheduling"
          },
          {
            "id": 59,
            "action": "managecredentials",
            "resourceId": null,
            "resourceType": "credentials"
          },
          {
            "id": 61,
            "action": "createstandard",
            "resourceId": null,
            "resourceType": "credentialattribute"
          },
          {
            "id": 91,
            "action": "generateapikey",
            "resourceId": null,
            "resourceType": "api"
          },
          {
            "id": 29,
            "action": "view",
            "resourceId": null,
            "resourceType": "repositorymanager"
          },
          {
            "id": 103,
            "action": "viewuserbasic",
            "resourceId": null,
            "resourceType": "usermanagement"
          },
          {
            "id": 62,
            "action": "metabotdesigner",
            "resourceId": null,
            "resourceType": "metabot"
          },
          {
            "id": 30,
            "action": "view",
            "resourceId": null,
            "resourceType": "devices"
          }
        ],
        "licenseFeatures": [
          "DEVELOPMENT"
        ],
        "emailVerified": true,
        "passwordSet": true,
        "questionsSet": true,
        "enableAutoLogin": true,
        "disabled": false,
        "clientRegistered": false,
        "description": "",
        "createdBy": 4,
        "createdOn": "2019-12-04T20:45:05-08:00",
        "updatedBy": 4,
        "updatedOn": "2019-12-05T09:50:33-08:00",
        "publicKey": null,
        "appType": null,
        "routingName": null,
        "appUrl": null
      },
      "mfaSetupRequired": false
    }

Next steps

Users with the role to generate API keys can use an apiKey in place of a password to generate an authentication token. See Enterprise 11: Create and assign API key generation role.
{
  "username": "docs-2fa-vm3",
  "apiKey": "-Jc$z@p?'E`X!lCmds/6Yn<7_?3}XYjks#55Gl,K",
  "mfaCode": 879179
}
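
The following is an added example, not code from Automation Anywhere. It shows how a client can compute the TOTP mfaCode, build the apiKey request body shown above, and read the exp claim of the returned JWT to decide when to re-authenticate. The function names are hypothetical, the TOTP parameters (HMAC-SHA1, 30-second step, 6 digits) are assumed RFC 6238 defaults, and the secret and token are constructed sample values.

```python
import base64, hashlib, hmac, json, struct

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1; step and digit count are assumed defaults."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def auth_body(username, api_key, secret_b32, now):
    """Body in the shape shown on this page, with apiKey instead of a password."""
    # The page sends mfaCode as a JSON number, so a code such as "005924"
    # is transmitted as 5924; the example follows the page's format.
    return {"username": username, "apiKey": api_key,
            "mfaCode": int(totp(secret_b32, now))}

def jwt_claims(token):
    """Decode the payload segment only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def seconds_left(token, now):
    """Remaining lifetime from the exp claim, used to schedule re-authentication."""
    return int(jwt_claims(token)["exp"] - now)

def _b64(obj):
    """Helper that builds one unpadded base64url JWT segment for the sample token."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: the RFC 6238 test secret and a made-up, unsigned token.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS512"}),
                         _b64({"sub": "7", "iat": 1700000000, "exp": 1700001200}),
                         "constructed-signature"])

if __name__ == "__main__":
    # The apiKey placeholder stands for a value read from a secret store.
    body = auth_body("docs-2fa-vm3", "<api-key-from-secret-store>", SECRET, 59)
    print(json.dumps({**body, "apiKey": "<redacted>"}))  # never log the real key
    print(seconds_left(SAMPLE_TOKEN, 1700000600), "seconds until re-authentication")
```
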