You can enable time-based one-time password (TOTP) multifactor authentication (MFA) on IBM Storage® Protect Plus user accounts. By default, TOTP is disabled for all user accounts and must be enabled on a per-user basis by the SUPERUSER.
Procedure
To set up multifactor authentication on an IBM Storage Protect Plus user account, complete the following steps:
- Log in as the SUPERUSER.
- In the navigation panel, click .
- Select a user and then click the options icon.
- Click Modify Settings.
- Select the Enable TOTP Multifactor Authentication check box.
- Click Update.
Important: If a user with the SUPERUSER role enables TOTP MFA for their own account, IBM Storage Protect Plus displays a message that the current session has expired and instructs the user to log in to re-establish a connection to IBM Storage Protect Plus.
- Sign on to IBM Storage Protect Plus by using the user ID and password of the MFA-enabled user. IBM Storage Protect Plus displays a QR code that encodes a shared secret.
- Scan the QR code by using the security application that generates a time-based one-time password (TOTP) on the user's mobile device or workstation.
Important: TOTP MFA is time-based. The time of the IBM Storage Protect Plus server must be synchronized with the time of the security application.
Tip: Some of the supported security applications are as follows:
  - IBM® Verify
  - Duo Mobile
  - Google Authenticator
  - Microsoft™ Authenticator
- Enter the TOTP passcode that is generated by the security application in the Passcode field.
- Click Continue to complete the MFA setup.
Results
After MFA is successfully set up for a user, the IBM Storage Protect Plus user interface does not display the QR code for subsequent logins, unless the TOTP secret key for the user has been expired by the SUPERUSER. Instead, it displays a prompt for the TOTP passcode. For subsequent sessions, a user must log in by using both their password and TOTP passcode.