Require multifactor authentication for IBMid users

Edit online

You can require multifactor authentication (MFA) for all Aspera on Cloud organization members who log in with IBMid. Once enabled, users who enter their IBMid credentials (the first factor) see a page that requires them to enter a verification code (the second factor). The second factor can be delivered in either of two ways.

  • By default, users receive a verification code in their IBMid email account.
  • Users who prefer to use an authenticator app can configure this in their IBMid account. Log in to www.ibm.com with IBMid credentials; go to Profile > ID and password > TOTP for configuration guidance. Users can download the authenticator app of their choice to their smart phone or tablet; for example, IBM Verify or Google Authenticator.

Before you begin

Keep the following in mind when considering whether and when to enable MFA for your Aspera on Cloud organization.
  • Enabling MFA affects all your organization members who log in with IBMid.
  • MFA for your organization applies to the AoC web app login for IBMid users. API keys for users and service IDs continue to work after you enable MFA.
  • Plan a communication and support strategy for users in your organization:
    • Choose a date and time to enable MFA that results in the least impact to your business.
    • Notify your account users that you will be enabling MFA, and provide them with information on what to expect and how to prepare.

Enabling MFA

Enabling MFA does not affect users that are already logged in; MFA takes effect only at new logins.

  1. Go to Authentication > OAuth > IBMid.
  2. Select the checkbox labeled Require multifactor authentication.
  3. Click Save.

Upon their next log in attempt, your IBMid users receive the second-factor authentication request according to their IBMid profile.