Configure Multi-Factor authentication for a user

Starting with PowerVC version 2.3.1, an additional authentication mechanism called TOTP (Time-based One-Time Password) is added to provide enhanced security for users who log in. The TOTP must be provided along with the password for user authentication, making it 2-factor authentication (2FA) or multi-factor authentication (MFA). Users with the admin or admin_assist role can enable 2FA for any other user.

PowerVC must be configured with an LDAP server. Every user who has a role in PowerVC must have an email address associated with their LDAP account so that MFA can be configured.

For information about configuring PowerVC to manage users or groups from an LDAP server, see Configuring LDAP. See Multi-Factor authentication for details on MFA setup.

To configure MFA for a user, on the PowerVC GUI, navigate to User and Groups, select the user and click Enable MFA.

The 2FA-enabled user receives an email notification, sent to the email address configured in LDAP, that contains the secret key and QR code. The secret key is sensitive information and is known only to PowerVC and the respective user. The secret must not be shared with anyone else.
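
Why the secret key must stay private, shown as an added example that is not PowerVC code: a generic RFC 6238 TOTP generator and verifier in which the secret alone is enough to compute every valid code. The SHA-1 algorithm, 30-second period, 6 digits, drift window and replay check are assumptions taken from the RFC defaults and common practice, not from PowerVC, and the key is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

# Assumed parameters (RFC 6238 defaults); the page does not state PowerVC's values.
PERIOD = 30   # seconds per time step
DIGITS = 6    # length of the one-time code

# Constructed sample: the public RFC 6238 test key, base32-encoded the way
# enrollment emails and QR codes usually carry a TOTP secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(b32_secret):
    """Decode a base32 secret, tolerating spaces, dashes, case and missing padding."""
    cleaned = b32_secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(b32_secret, unix_time, period=PERIOD, digits=DIGITS):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(decode_secret(b32_secret), int(unix_time) // period, digits)

def verify(b32_secret, submitted, unix_time, window=1, last_counter=-1):
    """Return the matched time-step counter, or None.

    Accepts +/- `window` steps for clock drift and rejects any step at or
    before `last_counter`, so an observed code cannot be replayed.
    """
    key = decode_secret(b32_secret)
    current = int(unix_time) // PERIOD
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(key, counter).encode()
        # Constant-time comparison; every candidate step is always checked.
        if hmac.compare_digest(expected, submitted.encode()) and counter > last_counter:
            matched = counter
    return matched

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59), verify(SAMPLE_SECRET, "287082", 59))
```

Nothing in the computation depends on the user's password or on the device, which is why a forwarded enrollment email or a screenshot of the QR code is equivalent to handing over the second factor.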