Setting up multifactor authentication

Edit online

You can setup multifactor authentication for a non-root user.

To setup multifactor authentication for a non-root user, complete the following steps:
  1. Log in as root in the VM Recovery Manager HA GUI.
  2. Add a user. For more information on adding a user, see User role management in GUI topic.
  3. In the Add New User screen, select Enable MFA in the User Details section.

When the newly added user logs in to the GUI, the GUI displays the Choose OTP Authentication Method screen. The user must enter the OTP that is sent to their email or phone.

Prerequisites for multifactor authentication

  • After upgrading the VM Recovery Manager HA GUI to Version 1.8, you must sync the database changes. To sync the database, run the following command: 
    cd /opt/IBM/ksys/ui/server/dist/server/bin; vmruiinst.ksh -i /home/vmrui_rpms/
    Restart the server after you run the command.
  • Update the server-configuration.json file with the multifactor authentication configuration information, such as client ID, client secret, and tenant. 
    "mfaConfiguration": { // MFA configuration file
        "proxy": "",
        "client_id": "",
        "client_secret": "",
        "tenant": ""
    You can find the server-configuration.json file at the following location:
    /opt/IBM/ksys/ui/server/node_modules/vmrui-common/lib/configuration/server.
    Restart the server after updating the configuration file.
  • Before creating a tenant, you must first register on the IBM Security Verify website by entering the necessary information. After successfull registration, the IBM Security Verify website redirects you to the Set up your tenant page.

  • You can get the Client ID and Client secret from the IBM Security website after creating a tenant. Log in to the IBM Security webite after you've created a tenant. In the navigation pane, click Security > API access. The Client ID and Client secret can be found in the API credentials area.