Using two-factor authentication

You can enable two-factor authentication for the Developer Portal. This feature adds an extra level of security for users attempting to access the Developer Portal.

Before you begin

You must have administrator access to complete this task.

About this task

Important: If the Portal Delegated User Registry is selected for the associated Catalog, or you are using an IBMid user registry, you cannot enable two-factor authentication for the Developer Portal.

Enable two-factor authentication (TFA) to force an additional level of security on specific types of users when accessing the Developer Portal. With TFA enabled, you log in to the site with a verification code in addition to your username and password. You can also enable the Trusted Browsers feature, to allow trusted browsers to bypass the TFA process for 30 days.

When TFA is enabled for the Developer Portal site, you must also configure the admin account security setting to use TFA before logging out of the account. Otherwise you will not be able to log in to the admin account again, as the site will require TFA, but the admin account won't have TFA configured.

Once TFA has been enabled for both the site and for the admin account, you can configure who needs to use TFA to access the Developer Portal. However, note again that a user must enable their TFA security setting for their account prior to their role being configured by the admin account to have to use TFA, or they will not be able to log in to the Developer Portal.

Procedure

To enable two-factor authentication for the Developer Portal site, complete the following steps:

  1. On the administrator dashboard, click Configuration > People > Two-factor Authentication.
  2. Select the Enable TFA check box.
    The view expands to show the configuration options for the two-factor authentication.
  3. Optional: Under Login plugins, you can select the Trusted Browsers check box.
    This feature enables users to mark specific web browsers as trusted, which will cause the TFA token request from that browser to be skipped for 30 days.
  4. Optional: Under Roles required to have set up TFA, select the roles that require users to set up TFA.
    Important: Users must have configured their TFA settings for their account BEFORE being assigned a role that requires TFA, otherwise login will be denied. This rule also applies to the admin account. To configure TFA settings for the admin account, you must complete the steps in the following sections before logging out of the Developer Portal.
  5. Click Save configuration.
    Two-factor authentication is now enabled for the Developer Portal site.

To configure permissions for two-factor authentication, complete the following steps:

  1. Click People > Permissions on the administrator dashboard.
  2. In the Filter list field, type TFA .
    The following permissions will show under the PERMISSION heading:
    • Set up TFA for account - Sets who can turn on two-factor authentication for their account, by default this is only administrators.
    • Administer TFA - Allows the modification of two-factor authentication settings. This permission should only be granted to users with administrator roles.
  3. Select and deselect the check boxes in the columns for each role to assign the previously listed permissions.
  4. Click Save permissions.
    You have configured the permissions for two-factor authentication.

To configure the admin account to use two-factor authentication, complete the following steps:

  1. Click the admin account name in the upper right of the UI. If you are configuring TFA settings for a a different account, click People on the administrator dashboard, and select the username of the account you want to configure.
    The account details page is displayed.
  2. Select the Security tab.
  3. Click Set up application and enter your current password. Click Confirm.
    The TFA setup - Application page is displayed.
  4. Configure the TFA settings required.
  5. Click Verify and save.
    Two-factor authentication is now enabled for the account.

Results

You have enabled and configured two-factor authentication.

You can encourage users to setup TFA on their account by applying a TFA Rules (tfa_rules) module. For more information, see Encouraging users to set up two-factor authentication on their Developer Portal account.