MFA Configuration

This Multi-factor Authentication (MFA) page allows System Administrators to enable specific, possibly different, MFA providers on an individual user or group basis.

Additionally, a default MFA provider can be configured that requires all users to authenticate using that same provider with the option to exclude individuals (direct login without requiring MFA).

NOTE: The general use of MFA authentication in PAM requires certain pre-requisites to be installed and configured on the host server. Please review the MFA guides located on our website for information regarding these requirements.

To assign an MFA provider to a user or group:

  1. Navigate to Administration > MFA and click the Add button.

    2. MFA-Add.png

  2. On the New Multi-factor Authentication page, configure your MFA as required.

Default

When selected, this specific configuration becomes the default MFA provider for all users or groups. In turn, the specific users or groups added separately then become exceptions to this default provider.

Principals

User or Group to assign to this provider.

 

This Principals option is removed when the Default option is enabled because default applies to all principals.

Provider

Select the MFA provider from those available in the dropdown list.

 

The list of providers in this menu is populated based on the MFA integration(s) that have been established with PAM.

 

Of note, the none option will result in no MFA authentication being required for the selected principals and the mfa-generic option is used exclusively for token enforcement during SSH Proxy sessions only.

MFA-provider-gauth.png

  1. Click the Save button to complete your MFA configuration.

To edit an MFA provider assignment for a user or group:

  1. Navigate to Administration > MFA, locate the entry you want to update, open its Actions menu and select the Edit option.

  2. On the Edit Multi-factor Authentication page, update the configuration as needed.

  3. Click the Save button to complete your updated MFA configuration.

    MFA-success.png

To delete an MFA provider assignment for a user or group:

  1. Navigate to Administration > MFA, locate the entry you want to delete, open its Actions menu and select the Delete option. For a bulk delete option, check the box next to each entry you want to delete and then click the Delete button located above the Search box.

  2. Click the OK button on the confirmation dialog to complete the removal of the selected MFA configuration.