OpUtils' Two Factor Authentication

    With Two Factor Authentication (TFA), secure access to OpUtils by adding an additional level of user authentication. TFA requires the user to provide a unique Time-based One Time Password (TOTP) generated through authenticator apps or a One Time Password (OTP) sent to the user's configured Email address. This helps you secure your OpUtils console from unauthorized access.

    Setting up TFA for OpUtils:

    1. Go to Settings > General Settings > and click on User Management.
    2. Click on the Two Factor Authentication tab.
    3. Select the "Enable Two Factor Authentication (TFA)" option.
    4. Choose the required Authentication Modeas Authenticator Apps (TOTP) or Email.
      • Note:
        • Supported authenticator apps include but are not limited to Google Authenticator, Microsoft Authenticator, Duo, etc.
        • In case of TOTP, The server time and the mobile device time must be in sync.
        • On enabling Email authentication, OTP is sent to the user's configured email address.
        • To use Email authentication, Mail Server Settings should have been configured appropriately.
    5. Under the Allow the browser to be trusted forfield, specify the number of days for which the browser can be trusted and the user need not provide TOTP/OTP while logging in.
      • Note:
        • This will be applicable if the user, on logging in, checks the option to trust the browser.
    6. Click Save.

    Setting up authenticator apps

    If 'Authenticator Apps' is chosen as the mode of Authentication, all users will be prompted to set up their Authenticator app during their next login.

    During next login, install and follow the steps shown on screen to configure your desired Authenticator app on your mobile device.

    Enter the OTP generated in the Authenticator app/Email to login.

    Two Factor Authentication (TFA) in OpUtils | ManageEngine OpUtils - help

    Troubleshooting steps:

    • In the case of TOTP based authentication,
      • Since TOTP is time based, the time in the configured mobile device must be in sync with the server time.
      • In the event that a new TOTP secret is required due to the loss of the mobile device configured or for any other such reason, the Admin User can go to Settings -> General Settings -> Authentication and click on the 'Reset TOTP secret' icon under 'Actions' for the respective User.
      • If the default 'admin' user is unable to login to the product, and has lost the configured mobile device, contact our support at oputils-support@manageengine.com to reset the TOTP secret for the default 'admin' user.
    • In the case of Email based authentication,
      • When the mode of Authentication is chosen as 'Email' then the OTP will be sent via Email to the User's configured Email ID. So please ensure that you have configured the correct Email ID. The admin user has the privileges to configure the correct Email ID, if the configured Email ID was not correct.
      • If the users are unable to receive the OTP via Email due to change in mail server configuration, contact support at oputils-support@manageengine.com to disable TFA.