chauthmultifactorverify

Use the chauthmultifactorverify command to change the system-wide IBM Security Verify multifactor authentication configuration.

Syntax

Read syntax diagramSkip visual syntax diagram chauthmultifactorverify -enable-disable-failmodesecure | insecure-hostnamehost_name-portport-openidclientidopenid_client_id-openidclientsecretopenid_client_secret-cliclientidcli_client_id-cliclientsecretcli_client_secret-adminenrolledenabled | disabled -maxpromptsmax_prompts-force

Parameters

-enable
(Optional) Specifies the enablement of the multifactor authentication service.
-disable
(Optional) Specifies the disablement of the multifactor authentication service. This parameter is mutually exclusive with -enable, -failmode, -hostname, -port, -openidclientid, -openidclientsecret, -cliclientid, -cliclientsecret.
-failmode
(Optional) Specifies the system behavior for the user logins when the MFA server is unavailable. Value can be insecure or secure
  • A failmode of secure means login to MFA-enabled users will fail if the server is unavailable.
  • A failmode of insecure means logins to MFA-enabled users will succeed if the server is unavailable.
-hostname host_name
(Optional) Specifies the hostname of the IBM Security Verify tenant. It must consist of a string up to 255 printable ASCII characters.
-port port
(Optional) Specifies the port number of the IBM Security Verify tenant. The value must be an integer 1-65535.
-openidclientid openid_client_id
(Optional) Specifies the IBM Security Verify OpenID Connect client ID for the system. It is required to enable the multifactor authentication for login to the Storage Virtualize GUI. It must consist of a string up to 64 printable ASCII characters.
-openidclientsecret openid_client_secret
(Optional) Specifies the IBM Security Verify OpenID Connect client secret of the system. It must consist of a string up to 96 printable ASCII characters.
-cliclientid cli_client_id
(Optional) Specifies the IBM Security Verify CLI client ID for the system. It is required to enable the multifactor authentication for login to the Storage Virtualize CLI. It must consist of a string up to 64 printable ASCII characters.
-cliclientsecret cli_client_secret
(Optional) Specifies the IBM Security Verify CLI client secret key of the system. It must consist of a string up to 96 printable ASCII characters.
-adminenrolled enabled | disabled
(Optional) Specifies whether to display factors enrolled by the IBM Security Verify administrator on the choice list of factors when logging into the command line.
-maxprompts max_prompts
(Optional) Specifies the maximum number of prompts displayed when attempting to log in with a second factor on the CLI.
-force
(Optional) Specifies that MFA will be removed for superuser and any user groups with MFA enabled, when used with the -disable parameter.

An invocation example

chauthmultifactorverify -hostname xxxxx.xxxxxx.ibm.com -openidclientid 
xxxxxxx-xxxxx-xxxx-xxxxx-xxxxx -openidclientsecret xxxxxx -cliclientid 
xxxxxxx-xxxxx-xxxxx-xxx-xxxx -cliclientsecret xxxxxxx -enable

The resulting output:

No feedback.