Multi-Factor Authentication (MFA)

Owned by Kumar Desai (Unlicensed)
Last updated: Nov 27, 2020 by Anuj Raghuram (Unlicensed)
5 min read

Overview

Multi-Factor Authentication (MFA) is a two-factor authentication method to authenticate a user before they access an account. We’ve listed the two-factors used to authenticate a user:

  1. Password Validation.

  2. Token-based Validation using a soft token generated by authenticator apps such as Google Authenticator or Authy. The HyperCloudTM Platform (HCP) uses the Time-based One-Time Password algorithm (TOTP). The TOTP method is an extension of the HMAC-based One-time Password algorithm (HOTP).

Notes:

  • This section is for Tenant Administrators.

  • MFA policy is set by Tenant Administrators.

  • If you’re not a Tenant Administrator, you’ll be able to set up your MFA, if Everyone has to use MFA policy toggle is turned off in your MFA Settings.

MFA policy enforcement

If you are a Tenant administrator, you can enforce an MFA policy for a User. You can enforce an MFA policy in two ways:

Set up MFA policy

To set up the MFA policy:

  1. Login to your HCP portal as a Tenant Administrator.

  2. Click on MFA Settings from the Profile menu to the top-right.

  3. Turn on the Enable/Disable Multi-factor Authentication for all users of this tenant toggle to Yes. This will enable MFA for all the users in a tenancy.

  4. You can exclude certain users from the MFA policy. Users who are excluded from MFA policy can log in by using LDAP authentication or Email ID & Password.
    To add a user to the MFA policy exclusion list:

    1. Click on Add User(s) to Exclusion List.

    2. Enter the Username of the user in the input text box.

    3. Click on Save Changes.

Mandatory MFA for all Users

You can set up the MFA policy via your MFA Settings. Once you enable MFA, all Users for a tenancy inclusive of the Tenant Administrator require an MFA while logging into the HCP portal.

Note: Cloud Administrators can enable MFA for Tenancy Users, but not for Tenants.

If your Tenant Administrator has turned on the Enable/Disable Multi-factor Authentication for all users of this tenant toggle to Yes:

  • If you are an existing user, you’ll be redirected to the MFA setup screen whenever you login to the HCP portal.

  • If you are a New user, you’ll will see the MFA setup screen when you login to the HCP portal for the first time.

Set up your MFA

To set up your MFA:

  1. You'll need to scan the QR code using their mobiles or manually enter the secret key on a desktop application. To see the complete list of supported apps click View compatible Apps. After you scan the QR code, the app displays:

    • User Name

    • Issuer Name

    • Soft Token every 30 seconds

  2. You’ll be asked to enter two soft tokens in Code 1 and 2 fields.

  3. Click on Enable.

    • If Code 1 and 2 are valid, you’ll be logged in and redirected to the HCP landing page.

    • If any of Code 1 or 2 is incorrect, you’ll see an ‘Invalid Code' error. You’ll need to re-enter these codes and try to login again.

    • At any point in time, you can navigate to your application login page via the Sign in link on the MFA dialog.

User-defined MFA

If your Tenant Administrator has turned off the Enable/Disable Multi-factor Authentication for all users of this tenant toggle:

  • You can set up your own MFA.

    • If you’ve set your own MFA, you’ll be able to disable, enable or reset it.

  • If your Tenant Administrator turns on the MFA toggle after you’ve created one already:

    • The MFA policy created by your Tenant Administrator takes priority.

    • You'll not be able to enable, disable or reset your MFA policy.

      • You can perform these actions if your Tenant Administrator has added you to the MFA exclusion list.

Set up your MFA

Any user can set up an MFA. To set up your MFA:

  1. Enter your password.

  2. Once the password is validated, you’ll be redirected to the MFA Setup screen.

  3. Follow the steps mentioned in the Set up your MFA section.

Log in using MFA

To login using MFA:

  1. Enter your User Email ID and Password. If the credentials provided are correct, you’ll be redirected to a new window.

  2. You’ll need to enter a 6-digit soft token generated by your authentication app.
    If the soft token is valid, you’ll be able to login to the HCP portal and redirected to the portal landing page.

  3. You can make five attempts to enter the correct soft token.

  4. If you exhaust all five attempts, you’ll get locked out of your HCP account.

  5. Contact your Cloud or Tenant Administrator to unlock your User Name.

    Your Cloud or Tenant Administrator can view the details of your login attempts via the User Lock Info page.

Reset your MFA

If you are a HCP user, you can reset your MFA anytime. To reset your MFA:

  1. Login to your HCP account.

  2. Navigate to the MFA-setup page.

  3. Enter your HCP portal Password.

Note: If you’ve lost your MFA configured mobile device, contact your Tenant Administrator. Your Tenant Administrator will reset your MFA.

If you are a Tenant Administrator, you can reset the MFA by following these steps:

  1. Login to your HCP account as a Tenant Administrator.

  2. Navigate to IAM > Click User Profile > Reset MFA.

Once your Tenant Administrator resets your MFA, you will be redirected to the MFA Setup page. You’ll have to set up your MFA again.

Forgot Password / Reset MFA

If you forget your Password or you want to Reset your MFA, follow the instructions provided in the Reset your MFA section.

© 2020 CloudSphere