One-Time Password (Email Authentication)
Access Manager Plus supports Two-Factor Authentication (TFA) as an additional layer of security, and one of the available second factors is a one-time password sent by email. In this method, after the first level of authentication succeeds, Access Manager Plus generates a one-time password and sends it to the user's email address. The user must enter this password to authenticate at the second level. The generated password is valid only for that particular login session of the web interface. If the user tries to log in again, the password sent by email earlier will not work; the user has to enter the new password that is sent to their email.
Summary of Steps
- Configuring Two-Factor Authentication in Access Manager Plus
- Enforcing Two-Factor Authentication for Required Users
- Connecting to Access Manager Plus Web Interface when TFA is Enabled
1. Configuring Two-Factor Authentication in Access Manager Plus
- Navigate to Admin >> Authentication >> Two-Factor Authentication.
- Choose the option One-time password sent through email.
- Click Save.
- Click on Confirm to enforce OTP through email as the second factor of authentication.
2. Enforcing Two-Factor Authentication for Required Users
- Once you confirm OTP through email as the second factor of authentication in the previous step, a new window will prompt you to select the users for whom Two-Factor Authentication should be enforced.
- You can enable or disable Two-Factor Authentication for a single user or multiple users in bulk from here. To enable Two-Factor Authentication for a single user, click on the Enable button beside their respective username. For multiple users, select the required usernames and click on Enable at the top of the user list. Similarly, you can also Disable Two-Factor Authentication from here.
- You can also select the users later by navigating to Users >> More Actions >> Two-Factor Authentication.
3. Connecting to Access Manager Plus Web Interface when TFA is Enabled
Users for whom Two-Factor Authentication is enabled have to authenticate twice in succession. As explained above, the first level of authentication is the usual authentication: Access Manager Plus's local authentication or AD/LDAP/Azure AD authentication. If the administrator has chosen the TFA option One-time password sent through email, the Two-Factor Authentication will happen as detailed below:
- Upon launching the Access Manager Plus web-interface, the user has to enter the username and local authentication or AD/LDAP/Azure AD password to log in to Access Manager Plus and click Login.
- Once the first level of authentication succeeds, Access Manager Plus will generate a random password and email it to the user.
- The user has to fetch the password from the email and enter it as the second password.
- If the second authentication succeeds, the user will be allowed to view the Access Manager Plus web interface.
Note: The second level password generated and sent by Access Manager Plus is applicable only for that particular session of the web-interface. If the user logs out and tries to log in again, they will not be allowed to log in with the same password sent by email earlier. When the user logs in again, another new password will be sent to their email which they must use for authentication.
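
The session-bound, single-use behaviour described in the note above can be modelled as follows. This is an added illustration, not Access Manager Plus code: the class and method names, the 8-digit OTP length, and the choice to store only a SHA-256 digest are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class EmailOtpStore:
    """Illustrative session-bound OTP store (hypothetical; not product code)."""

    def __init__(self):
        # session_id -> SHA-256 digest of the OTP issued for that pending login
        self._pending = {}

    def issue(self, session_id: str) -> str:
        """Called after the first factor succeeds; returns the OTP to email."""
        otp = f"{secrets.randbelow(10**8):08d}"  # 8 digits is an assumption
        # Issuing again for the same session replaces any earlier OTP.
        self._pending[session_id] = hashlib.sha256(otp.encode()).digest()
        return otp

    def verify(self, session_id: str, candidate: str) -> bool:
        """Check the second factor; a correct OTP is consumed on use."""
        expected = self._pending.get(session_id)
        if expected is None:
            return False  # no OTP outstanding for this session
        supplied = hashlib.sha256(candidate.encode()).digest()
        if not hmac.compare_digest(expected, supplied):  # constant-time compare
            return False
        del self._pending[session_id]  # single use: cannot be replayed
        return True

    def logout(self, session_id: str) -> None:
        """Drop any unused OTP when the session ends."""
        self._pending.pop(session_id, None)


def demo():
    store = EmailOtpStore()
    first_session = secrets.token_urlsafe(16)   # constructed session ids
    otp = store.issue(first_session)
    ok_first = store.verify(first_session, otp)
    replay_same = store.verify(first_session, otp)   # same OTP, same session
    second_session = secrets.token_urlsafe(16)       # user logs in again
    new_otp = store.issue(second_session)
    while new_otp == otp:  # rule out a 1-in-10^8 coincidence in the demo
        new_otp = store.issue(second_session)
    old_on_new = store.verify(second_session, otp)   # earlier OTP, new session
    ok_second = store.verify(second_session, new_otp)
    return ok_first, replay_same, old_on_new, ok_second
```

The page does not state an expiry time or a limit on failed attempts for the emailed password, so neither is modelled here.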