Two-Factor Authentication (TFA)
Recent security breaches around the world have called for the need to be more cautious about securing customer data in their environment. The majority of these breaches are due to compromised passwords and unused account privileges.
Since Remote Access Plus plays a major role in troubleshooting the endpoints in a customer's network, we have enforced our customers to enable Two-Factor Authentication which provides an additional layer of security to validate the user's authenticity.
Enable Two-Factor Authentication
When you enable Two-Factor Authentication, all the users will be required to provide an additional security code to login and access Remote Access Plus. To enable TFA,
- Log in to Remote Access Plus
- Navigate to Admin tab -> User Administration -> Secure Authentication
- Enable Authentication and choose the mode of authentication using which you want to be authenticated
Using an Authenticator App
The authenticator app can be Zoho OneAuth, Google Authenticator, MS Auth, DUO Auth, etc.
If you choose to use an authenticator app, please install the authenticator app on your smart phone and map the Remote Access Plus server details to the authenticator app, which is a one time process. You can use the OTP generated on the app, as an additional layer of security, to login to Remote Access Plus. OTP can be generated anytime, anywhere.
Here are the download links to a few commonly used authenticator apps:
Note:
- TOTP code does not require any internet connection. All data is generated in the On-Premise server
- If the user has deleted the Remote Access Plus account on the authenticator app, then the user should contact the administrator to restore Two-Factor Authentication using the same app. Administrator can resend the QR code to restore the authenticator app from here: Admin -> User Management -> Actions (Under the appropriate user) -> Resend QR code
Using Email
When you choose email as a mode for two-factor authentication, the OTP will be generated by Remote Access Plus and sent to the user's registered email address. User will have to use the OTP received in the email in addition to the regular password. User should have access to email, in order to access Remote Access Plus server. Every generated OTP is valid for 15 minutes from the generation. You can save the OTP for specific browsers for (n) specified days.
FAQ
1. Can I disable TFA after it is enabled?
No. As a part of security enforcement, TFA cannot be disabled once it is enabled. However, you can contact ManageEngine UEMS Support - endpointcentral-support@manageengine.com in any case of trouble with TFA.
