Secure access using two-factor authentication

Recent security breaches around the world have called for the need to be more cautious about securing customer data in their environment. The majority of these breaches are due to compromised passwords and unused account privileges.

Since Patch Manager Plus plays a major role in managing the endpoints in a customer's network, we have enforced our customers to enable Two-Factor Authentication which provides an additional layer of security to validate the user's authenticity.

Enable Two-Factor Authentication

When you enable Two-Factor Authentication, all the users will be required to provide an additional security code to login and access Patch Manager Plus. To enable TFA,

  • Log in to Patch Manager Plus
  • Navigate to Admin tab -> User Administration -> Secure Authentication
  • Two-factor authentication

  • Enable Authentication and choose the mode of authentication using which you want to be authenticated
  • Two-factor authentication

Using an Authenticator app

Note: The authenticator app could be Zoho OneAuth, Google Authenticator, MS Auth, DUO Auth, etc..

If you choose to use an authenticator app, please install the authenticator app on your smart phone and map the Patch Manager Plus server details to the authenticator app, which is a one time process. You can use the OTP generated on the app, as an additional layer of security, to login to Patch Manager Plus. OTP can be generated anytime, anywhere, and it does not require any connection to internet.

Here are the download links to a few commonly used authenticator apps:

Note:

  • TOTP code does not require any internet connection. All data is generated in the On-Premise server
  • If the user has deleted the Patch Manager Plus account on the authenticator app, then the user should contact the administrator to restore Two-Factor Authentication using the same app. Administrator can resend the QR code to restore the authenticator app from here: Admin -> User Management -> Actions (Under the appropriate user) -> Resend QR code

Using Email

When you choose email as a mode for two-factor authentication, the OTP will be generated by Patch Manager Plus and sent to the user's registered email address. User will have to use the OTP received in the email in addition to the regular password. User should have access to email, in order to access Patch Manager Plus server. Every generated OTP is valid for 15 minutes from the generation. You can save the OTP for specific browsers for (n) specified days.

FAQ

1. Can I disable TFA after it is enabled?

No. As a part of security enforcement, TFA cannot be disabled once it is enabled. However, you can contact Patch Manager Plus Support in any case of trouble with TFA.

Refer to this document to know more about configuring the Authenticator app for two-factor authentication.