Management Console - Your MFA Settings
Your MFA Settings
System administrators are able to manage Multi-Factor Authentication settings for their account on the Your MFA Settings page.
To manage MFA for other accounts, see the System Administrators documentation page.
General
MFA Enabled
The checkbox indicates whether Multi-Factor Authentication has been enabled or disabled for your own account.
Enable MFA
When MFA is disabled, the Enable MFA button enables MFA.
A shared secret is generated and the MFA status of your account is set to Pending. The MFA process needs to be finalized on the next login at the management console.
- Logout of the Management Console using the Logout button in the upper right corner.
- Enter your username and password, click OK.
- Scan the QR code with a TOTP compatible authenticator app on your mobile phone, or enter the token shown below the QR code manually.
- Enter the MFA code that is shown on your mobile phone's screen in the Code field.
- Click OK.
Active MFA
Once the process has been finalized, you only have to enter the code after you have entered username and password during the login process.
Disable MFA
When MFA is enabled, the Disable MFA button disables MFA.
You do not have to enter MFA codes when logging in in at the Management Console.
Reset Secret
The Reset Secret button generates a new TOTP secret and sets the MFA status of your account to Pending.
You have to go through the finalization process again on the next login at the Management Console. The previously scanned QR code (and therefore the secret) is invalid, and MFA codes generated with it cannot be used to log in.
The button is only enabled when the MFA process of your account has been finalized and the MFA status is active.
API Password
When MFA has been enabled for your account, you cannot use your regular password to use the Management API.
You have to generate an API password that has to be used to connect to the Management API port. One API password per user account is supported.
Generate New API Password
Click the Generate New API Password button to create a new API password. The password is shown and can be copied. The API password cannot be shown again.
Important notice: When your username contains a colon (:) you may not be able to connect to the Management API. The Management API uses HTTP Basic Authentication which sends the username and password, separated by a colon, as a Base64 encoded HTTP header. When the username contains a colon, the password cannot be separated correctly from the whole string.