Two-Factor Authentication With Third-Party Authenticators
Introduction
In addition to the regular authentication with login and password, Management Backup offers two-factor authentication (2FA) for users that require improved security for their accounts.
Two-Factor Authentication (2FA) adds a second layer of login security for the main administrator and sub-admin accounts. The two-factor authentication is based on the authenticator application that generates a unique code that must be entered at each login attempt to the Management Console.
As of version 6.4 of Management Console, enhanced 2FA options are available with MSP Control for Android/MSP Admin for iOS mobile applications
You can use Google Authenticator or Microsoft Authenticator on your iOS or Android mobile devices to manage 2FA authentication codes.
Before Using Two-Factor Authentication
Download and install the authenticator application of your choice from the App Store for iOS and Google Play for Android. If you intend to force your administrators to use two-factor authentication, they need to download and install this authentication application as well.
The following authentication applications are supported:
Enable Two-Factor Authentication in Management Console
Two-factor authentication must be configured for every administrative account separately:
- The two-factor authentication can be enabled for the service provider (main administrator) by themselves
- The two-factor authentication can be enabled for sub-administrators by the administrator
Enable the Two-factor Authentication (for Service Provider)
- Open the Management Console.
- In the Settings menu, select the General item.
- Select the Enable 2FA check box.
- The Enable two-factor authentication dialog appears with a QR code generated to connect your device:
- Run the Authenticator app on your device, then scan the generated QR code.
Scan the code in the pop-up window and then enter the code generated by the Authenticator app:
- Click Validate.
Note: if you delete the Authenticator app from your phone, you will not be able to authenticate. In this case, contact the support team and request to disable two-factor authentication. This may take some time.
To avoid this situation, be aware to disable the two-factor authentication option in the Management Console before you delete the Authenticator application from your device
You can create alternative codes for authentication in emergency cases as described below
Enable the Two-Factor Authentication (Sub-Administrator)
- Open the Management Console.
- Click My Profile.
- Select the Enable 2FA check box. Click Save.
- Enable two-factor authentication dialog appears with a QR code:
- Run the Authenticator application on your device, then scan the generated QR code.
Scan the code in the pop-up window and then enter the code generated by the Authenticator app:
- Click Validate.
Note: if you delete the Authenticator app from your phone, you will not be able to authenticate. In this case, contact your service provider and request to disable two-factor authentication. This procedure may take some time.
To avoid this situation, make sure to disable the two-factor authentication option in the Management Console before you delete the Authenticator app from your device
Log In with Two-Factor Authentication Enabled
Once the two-factor authentication is enabled, on every login attempt to the Management Console you will be prompted to provide the authentication code generated in your authenticator application.
- Run the Authenticator application on your device.
- Enter the code into the appropriate field.
Two-Factor Authentication Recovery Codes
For emergency cases, Managed Backup provides alternative codes for authentication.
These codes can be used for access even in case you are not included in the Allowlist or your device with the authenticator app is not available for some reason (for example, you broke it).
When 2FA is enabled, recovery codes are provided as a mandatory step to improve your security. Read more about recovery come ci were occasionally excluded from it. For security reasons, it is recommended to generate alternative codes.
Use Recovery Codes Instead of Authenticator 2FA Codes
When some action in Managed Backup requires 2FA confirmation, the following dialog box appears:
In this dialog box, click Use 2FA recovery code, then enter one of the previously saved recovery codes in the field, then click Confirm.