Set Up Multi-Factor Authentication with Platform9 Managed OpenStack

Multi-factor authentication (MFA) provides increased security and better access control to Platform9 resources. With multi-factor authentication, the user is expected to provide more than one authentication parameters to sign in. In the case of Platform9 sign ins, this would be a user authentication code in addition to the user password.

Platform9 relies on time-based one-time password (TOTP) algorithm to generate an authentication code for the user. The TOTP algorithm computes a one-time password from a shared secret key and the current time on the system.

To get started with MFA, the user should have a dedicated virtual device setup for their Platform9 account. Virtual devices, which work with Platform9, are apps on the user's mobile device or computer which support generation of TOTP codes for the user account. These authentication codes will be used by the user when they want to sign in to Platform9.

Platform9 recommends that users have the MFA feature enabled for their accounts.

Signing in to Platform9 using Multi-Factor Authentication

If the user's password and TOTP authentication code match, the user should be signed in.

Setting up Multi-Factor Authentication for a user

MFA is now enabled for the user account. The user should now use their password and the current authentication code generated by their MFA device when they sign in to Platform9.

Disabling Multi-Factor Authentication for a user

Resetting Multi-Factor Authentication Secret Code for a User

When the MFA device is lost or stolen, an administrator will need to reset the MFA settings for that user. This process involves generating a new TOTP shared secret for the user, in order to deactivate the shared secret that was configured on the lost or stolen device.

To achieve this, follow the steps listed in "Disabling Multi-Factor Authentication for a user" followed by the steps listed in "Setting up Multi-Factor Authentication for a user"

Sample Apps That Can Be Installed on the Virtual Device

October 14, 2015