Management Console - Your MFA Settings


Your MFA Settings

System administrators are able to manage Multi-Factor Authentication settings for their account on the Your MFA Settings page.

Msce mfa settings 01.png

To manage MFA for other accounts, see the System Administrators documentation page.

General

MFA Enabled

The checkbox indicates whether Multi-Factor Authentication has been enabled or disabled for your own account.

Enable MFA

When MFA is disabled, the Enable MFA button enables MFA.
A shared secret is generated and the MFA status of your account is set to Pending. The MFA process needs to be finalized on the next login at the management console.

  • Logout of the Management Console using the Logout button in the upper right corner.
  • Enter your username and password, click OK.
Msce console login.png
  • Scan the QR code with a TOTP compatible authenticator app on your mobile phone, or enter the token shown below the QR code manually.
Msce console login mfa pending.png
  • Enter the MFA code that is shown on your mobile phone's screen in the Code field.
  • Click OK.

Active MFA

Once the process has been finalized, you only have to enter the code after you have entered username and password during the login process.

Msce console login mfa active.png

Disable MFA

When MFA is enabled, the Disable MFA button disables MFA.
You do not have to enter MFA codes when logging in in at the Management Console.

Reset Secret

The Reset Secret button generates a new TOTP secret and sets the MFA status of your account to Pending.
You have to go through the finalization process again on the next login at the Management Console. The previously scanned QR code (and therefore the secret) is invalid, and MFA codes generated with it cannot be used to log in.
The button is only enabled when the MFA process of your account has been finalized and the MFA status is active.

API Password

When MFA has been enabled for your account, you cannot use your regular password to use the Management API.
You have to generate an API password that has to be used to connect to the Management API port. One API password per user account is supported.

Generate New API Password

Click the Generate New API Password button to create a new API password. The password is shown and can be copied. The API password cannot be shown again.

Msce mfa settings api password 01.png

Important notice: When your username contains a colon (:) you may not be able to connect to the Management API. The Management API uses HTTP Basic Authentication which sends the username and password, separated by a colon, as a Base64 encoded HTTP header. When the username contains a colon, the password cannot be separated correctly from the whole string.