Two-factor authentication (2FA) is a security feature that authenticates users with two factors. The Cybersecurity & Infrastructure Security Agency (CISA) recommends enabling 2FA to protect your account if your login credentials are compromised. This article details the 2FA settings in OneView and how to reset 2FA if needed.
A mobile device with a camera and an authenticator app is needed to set up 2FA. Supported authenticator apps:
- Google Authenticator
- Authy
- 1Password
- Microsoft Authenticator
- Okta Verify
- Duo Mobile
- LastPass Authenticator
Require 2FA
Global Administrators can enable a global setting that requires all users to set up 2FA upon their next login. This ensures users are securing their accounts with 2FA.
- Go to Configure > Users.
- Click Two-factor authentication.
- Toggle on Require two-factor authentication for all users.
Manual setup
When the setting to require 2FA is disabled, users can set up 2FA in their profile settings. At the top right, click the display name > Profile. In the Security tab, toggle Enable Two-factor Authentication and follow the steps to set up 2FA.
Recovery code
Global Administrators can enable a global setting that allows users to authenticate using a recovery code sent by email. This setting must be enabled in the console before using a recovery code. A recovery code is helpful in cases where a mobile device was lost or replaced. Enabling this setting could allow threat actors to bypass 2FA if the user's email account is compromised.
- Go to Configure > Users.
- Click the Two-factor authentication button.
- Toggle on Allow the recovery code to be sent via email.
Once the setting is enabled, users can request a recovery code.
Request a recovery code
- Go to the OneView login page.
- Enter the credentials to log in.
- Click Request recovery code.
- Check the email for the recovery code.
- Enter the recovery code in the verification screen and click Submit.
Reset 2FA
We recommend adding a second Global Administrator to OneView in case the first Global Administrator has to reset 2FA. If the recovery code option is disabled and a user must reset 2FA, have another Global Administrator follow these steps.
- Click Configure > Users.
- Locate the user and click the ellipsis icon.
- Click Reset 2FA.
If there are no other admins to reset 2FA, contact Support.