You can enable time-based one-time (TOTP) multifactor authentication (MFA) on the
IBM® Storage Defender Sentinel
ADMIN account.
Procedure
To enable time-based one-time (TOTP) multifactor authentication on the IBM Storage Defender Sentinel ADMIN account, complete the following
steps:
:
- Enter the following command as a root user on the command-line
interface (CLI):
setimconfig login totp [always, ifset, never],
where:
| Mode |
Description |
| always |
MFA is enabled for all users and the OTP is required to log in. |
| ifset |
MFA is set for specific users and the OTP is required for those users to log in. |
| never |
MFA is not set and MFA will not be used for logging in to the UI. |
- Create a key for the admin account by entering the following
command:
iepasswd -k admin
The command returns a
secret string that your system administrator ADMIN user can add to an
authentication app, such as Google Authenticator. See below for an example of the returned
string:
otpauth://totp/admin?secret=C8AOWII6PYVMLMD1OSD2YCGILM&issuer=engine.example.com
Use the string that's located between the = and & characters.
The 6-digit code that's displayed in the authentication app is the OTP that you must use to log
in. For additional MFA commands, see Additional MFA commands