Administrators can enable two-factor authentication. When enabled, two-factor authentication requires a user to enter a verification code to log in and to perform certain protected operations. Operations that require two-factor authentication include:
restoring and deleting snapshots,
inviting and adding users,
generating new two-factor authentication backup codes, and
saving phone numbers for two-factor authentication.
Optionally, administrators can set up two-factor authentication with Twilio. This allows users to receive their authentication codes via SMS.
Users configure two-factor authentication on their accounts through their Ops Manager user profiles, where they select whether to receive their verification codes through voice calls, text messages (SMS), or the Google Authenticator application. If your organization does not use Twilio, then users can receive codes only through Google Authenticator.
Administrators can reset accounts for individual users as needed. Reseting a user's account clears out the user's existing settings for two-factor authentication. When the user next performs an action that requires verification, Ops Manager forces the user to re-enter settings for two-factor authentication.
Select Multi-Factor Auth Level.LevelDescription
OPTIONALUsers can choose to set up two-factor authentication for their Ops Manager account.
REQUIREDAll users must set up two-factor authentication.
REQUIRED_FOR_GLOBAL_ROLESUsers who possess a global role must set up two-factor authentication, while two-factor authentication is optional for all other users.
Optional. Select whether users can reset their two-factor authentication setting via email.
Optional. Specify the Authenticator app issuer. If blank, the issuer is the domain name of the Ops Manager installation.
To allow users to receive their authentication codes via SMS, administrators can optionally enable integration with Twilio.
Enter the following to allow delivery of alerts and SMS multi-factor authentication codes through Twilio:
If you Twilio integration, ensure that
Ops Manager servers can access the
Twilio account ID.
Twilio Auth Token
Twilio API access token
Twilio From Number
Twilio phone number from which to send the alerts and authentication codes to users.
Resetting the user's account clears out any existing two-factor authentication information. The user will be forced to set it up again at the next login.
You must have the
global user admin or
global owner role to perform this procedure.