Resetting multifactor authentication for administrators

Multifactor authentication (MFA) provides an additional layer of protection to the IBM® Storage Protect server account. When an administrator account is set up to use MFA, it is required to specify the user ID, password, and time-based one-time password (TOTP) code to sign in. If the administrator loses access to the security application that is used to generate the TOTP code then the MFA on the account needs to be reset.

About this task

An administrator with System Authority needs to perform the reset action for the administrator who has lost the access to the security application.

To reset MFA on an account, perform one of the following steps:

• Issue the UPDATE ADMIN command with the RESETSHAREDSECRET=YES parameter from the command line administrative client. The existing shared secret is removed from the server database and the Multifactor Authentication Required state parameter is set to TRANSITIONAL. You can now set up MFA again on the account using the steps mentioned in Setting up multifactor authentication for administrators.
• Issue the UPDATE ADMIN command with the MFAREQUIRED=NO parameter to temporarily disable MFA for the administrator account.