Managing Two-Factor Authentication

This topic describes how to enable and disable Replicated two-factor authentication for individual and team accounts in the Replicated vendor portal.

Alternatively, you can use Google Authentication or SAML Authentication to access the vendor portal. For more information about those options, see Managing Google Authentication and Managing SAML Authentication.

About Two-Factor Authentication

Two-factor authentication (2FA) provides additional security by requiring two methods of authentication to access resources and data. When you enable the 2FA option in the vendor portal, you are asked to provide an authentication code and your password during authentication. Replicated uses the open Time-based One-Time Password (TOTP) algorithm, which is specified by the Internet Engineering Task Force (IETF) in RFC 6238.

Limitation

If SAML Authentication or Google Authentication is configured and 2FA is also enabled, then 2FA is bypassed. You can leave 2FA enabled, but you are not prompted to enter a code when logging in.

Enable 2FA on Individual Accounts

If you are an administrator or if 2FA is enabled for your team, you can enable 2FA on your individual account.

To enable two-factor authentication on your individual account:

  1. In the vendor portal, click Account Settings from the dropdown list in the upper right corner of the screen.

  2. In the Two-Factor Authentication pane, click Turn on two-factor authentication.

  3. In the Confirm password dialog, enter your vendor portal account password. Click Confirm password.

  4. Scan the QR code that displays using a supported two-factor authentication application on your mobile device, such as Google Authenticator. Alternatively, click Use this text code in the vendor portal to generate an alphanumeric code that you enter in the mobile application.

    Your mobile application displays an authentication code.

  5. Enter the authentication code in the vendor portal.

    Two-factor authentication is enabled and a list of recovery codes is displayed at the bottom of the Two-Factor Authentication pane.

  6. Save the recovery codes in a secure location. If you lose your mobile device, you can use these codes at any time. Each code can be used only one time.

  7. Log out of your account, then log back in to test that it is enabled. You are prompted to enter a one-time code generated by the application on your mobile device.

Disable 2FA on Individual Accounts

To disable two-factor authentication on your individual account:

  1. In the vendor portal, click Account Settings from the dropdown list in the upper right corner of the screen.

  2. In the Two-Factor Authentication pane, click Turn off two-factor authentication.

  3. In the Confirm password dialog, enter your vendor portal account password. Click Confirm password.

Enable or Disable 2FA for a Team

As an administrator, you can enable and disable 2FA for teams. You must first enable 2FA on your individual account before you can enable 2FA for teams. After you enable 2FA for your team, team members can enable 2FA on their individual accounts.

To enable or disable 2FA for a team:

  1. In the vendor portal, select the Team tab, then select Multifactor Auth.

  2. On the Multifactor Authentication page, do one of the following with the Require Two-Factor Authentication for all Username/Password authenticating users toggle:

    • Turn on the toggle to enable 2FA
    • Turn off the toggle to disable 2FA

  3. Click Save changes.