(no) Two Factor Authentication
Since v4.4.0
Introduction
This chapter describes how to set up two factor authentication with any account.
This type of additional security is available for all providers, both internal and external (such as ADFS or LDAP).
Initial setup
Step 1: log in to your account
Before you start, you have to authenticate in a standard way.
Step 2: select change password function
This function will open your account security page:
A new tab is opened with account information:
The page is loaded from a different URL. This is normal and you will not be asked to sign in again.
Select the "Signing in" option in the Account Security section.
Note: at this point you will have to re-authenticate for security reasons.
Setting up the mobile authenticator app
Before you begin, please install one of the free applications that support OTP (one-time password).
If you already use such an application, you do not need to install a specific one.
Compatible free applications for generating one time login codes:
Microsoft Authenticator
Google Authenticator
FreeOTP Authenticator by RedHat
Once the application is installed, select the Setup Authenticator App link. You will be presented with the screen below:
The examples below use the Microsoft Authenticator app.
Now start the application and, on the main screen, select the Add Account option:
From the Add account page, select Other.
This will start up a QR code scanner. Please scan the QR code displayed by FM ACCESS.
Once the scan is complete, you will see a paired application on the list.
On the desktop browser, you will see a paired device:
From now on you will be requested to provide a One Time Password on every login.
A user can set up as many OTP providers as needed, e.g. one for each device (phone, tablet, smart watch).
Reset Two Factor Authentication (OTP)
Once a user sets up their OTP authenticator, they cannot log in without it.
If a user loses their phone, does not have a backup and cannot log in, the OTP must be disabled for this user by a security administrator.
Request a user to set up OTP
In the user administration page, select Credentials Reset action.
In the Reset Action field, select Configure OTP:
The user will now be requested to set up a new OTP. If the old one will no longer be used, they can remove it in the Account page.
Entirely remove OTP for user
There is no other way for the user to bypass or reset OTP, e.g. via e-mail.
The Security Administrator should log in to the customer realm and access Users - Credentials.
Then use the "delete" function next to the OTP credentials. The user will now be able to log in without OTP.