Setting up multi-factor authentication for NetBackup on user’s authenticator application.

Abstract

Starting NetBackup 10.3, users can configure multi-factor authentication (MFA) for themselves. Multi-factor authentication in NetBackup 10.3 implements recommendations from RFC-6238 “TOTP: Time-Based One-Time Password Algorithm”.

Description

NetBackup 10.3 implements RFC-6238 “TOTP: Time-Based One-Time Password Algorithm” to enable users to configure their multifactor authentication. Implementation being based on open standard (RFC-6238); one may use any TOTP application confirming to such RFC mentioned earlier. The process of acquiring such an application would differ from one platform (Android, iOS, Desktop) to another, thus we shall restrict our discussion to a couple of widely used, such as: 

• Microsoft Authenticator 
• Google Authenticator 
• Okta Authenticator 

This document assumes users would have a working TOTP application installed on their devices which adheres to RFC stated above. 

Microsoft Authenticator

QR code scan: 

• Open the application on your device. 
• On the upper top right corner, you should notice (＋). 
• Select the type of account as detailed by your organization. 
• Clicking on it and it shall open quick response (QR) code scanner. 
• Scanning the QR code shown on the “Configure multi-factor authentication” dialog shown in Fig 1, shall register your multifactor authentication secret in your device. 

• The application should now start displaying one-time password. 

Manual multifactor registration: 

• Open the application on your device. 
• On the upper top right corner, you should notice (＋).
• Select the type of account as detailed by your organization.
• At the bottom of the screen, one shall notice “Or enter code manually” button.
• Clicking on the widget, you shall be presented with an interface to type “Account name” and “Secret”
• Choose a name for “Account name” which will help you in identifying the account. 
• In “Configure multi-factor authentication” dialog shown in Fig 1, you shall notice icon. Clicking on it shall display the multifactor authentication key. 
• You will have to type the key in “Secret” field, followed by “Finish” 

Google Authenticator 

QR code scan: 

• Open the Google Authenticator application on your smart device.
• You may notice “Add a code” button or a ＋ towards ‘right bottom’ of the screen. Navigating to either will lead you to “Scan a QR code”
• Quick Response (QR) code scanner will be launched upon navigating to “Scan a QR code”
• Scanning the QR code shown on the “Configure multi-factor authentication” dialog as shown in Fig 1, shall register your multifactor authentication secret in your device. 

• The application should now start displaying one-time password. 

Manual multifactor registration: 

• Open the application on your device.
• You may notice “Add a code” button and/or a ＋ towards ‘right bottom’ of the screen. Navigating to either will lead you to “Enter a setup key” 
• Click on “Enter a setup key”, you shall be presented with an interface to type account name, your key and type of key to select.
• Choose an Account name of your liking; which will help you to identify the account.
•  “Configure multi-factor authentication” dialog shown in Fig 1, you shall notice icon. Clicking on it shall reveal the multifactor authentication key.
• You will have to key in the value in “Your key” field. NetBackup supports time-based one-time password authentication so make sure “Type of key” filed should be selected as Time based. Finalize the change by clicking on ‘Add’
• The application should now start displaying one-time password.  

 
Okta Authenticator

QR code scan: 

• Open the application on your device.
• You may notice “Add a code” button or a ＋ towards ‘right top’ of the screen.
• Choice of account type may be governed by your organizational policies. This document assumes “Other” as selection.
• Navigating to “Scan a QR code” shall present quick response (QR) code scanner.
• Scanning the QR code shown on the “Configure multi-factor authentication” dialog as shown in Fig 1, shall register your multifactor authentication secret in your device. 

• The application should now start displaying a one-time password. 

Manual multifactor registration: 

• Open the application on your device.
• You may notice “Add a code” widget or a ＋ towards ‘right top’ of the screen. 
• Choice of account type may be governed by your organizational policies. This document assumes “Other” as selection.
• You may notice “Enter Key Manually” navigation widget.  Navigating on it will present and interface to setup “Account name” of your choosing.
• Shifting your focus on NetBackup Web UI application’s “Configure multi-factor authentication” dialog shown in Fig 1, you shall notice icon. Clicking on it shall reveal the multifactor authentication key.
• You will have to type the value of “Key” displayed on NetBackup Web UI “Configure multi-factor authentication” dialog in Okta’s “Key” field. Finishing the task by navigating to “Add Account” 
• The application should now start displaying one-time password. 

Multifactor Authentication properties 

In an event your organization uses it custom TOTP implementation, following table details implementation properties as recommended by RFC-6238. 

Fig 1.  

Example “Configure multi-factor authentication”: