Setting up multi-factor authentication for Access Appliance on user’s authenticator application.

Abstract

Starting Access Appliance 8.2, users can configure multi-factor authentication (MFA) for themselves. Multi-factor authentication in Access Appliance 8.2 implements recommendations from RFC-6238 “TOTP: Time-Based One-Time Password Algorithm”.

Description

Access Appliance 8.2 implements RFC-6238 “TOTP: Time-Based One-Time Password Algorithm” to enable users to configure their multifactor authentication. Implementation is based on the open standard (RFC-6238); one may use any TOTP application that confirms such RFC mentioned earlier. The process of acquiring such an application differs from one platform (Android, iOS, Desktop) to another, thus we shall restrict our discussion to a couple of widely used, such as: 

• Microsoft Authenticator 
• Google Authenticator 
• Okta Authenticator 

This document assumes users have a working TOTP application installed on their devices which adheres to RFC stated above. 

Microsoft Authenticator

QR code scan: 

• Open the application on your device. 
• In the top right corner, you should notice (＋). 
• Select the type of account as detailed by your organization. 
• Clicking on it and it will open a quick response (QR) code scanner. 
• Scanning the QR code shown on the “Configure multi-factor authentication” dialog shown in Fig 1, will register your multifactor authentication secret on your device. 
• The application should now start displaying a one-time password. 

Manual multifactor registration: 

• Open the application on your device. 
• In the top right corner, you should notice (＋).
• Select the type of account as detailed by your organization.
• At the bottom of the screen, you can see the “Or enter code manually” button.
• Clicking on the widget, you see an interface to type “Account name” and “Secret”.
• Choose a name for “Account name” which will help you in identifying the account. 
• In the “Configure multi-factor authentication” dialog shown in Fig 1, you should see  icon. Clicking on it will display the multifactor authentication key. 
• You will have to type the key in the “Secret” field, followed by “Finish” .

Google Authenticator 

QR code scan: 

• Open the Google Authenticator application on your smart device.
• You may notice the “Add a code” button or a ＋ sign at the bottom right of the screen. Navigating to either will lead you to “Scan a QR code”.
• A Quick Response (QR) code scanner will be launched upon navigating to “Scan a QR code”.
• Scanning the QR code shown on the “Configure multi-factor authentication” dialog as shown in Fig 1, will register your multifactor authentication secret on your device. 
• The application should now start displaying a one-time password. 

Manual multifactor registration: 

• Open the application on your device.
• You may notice the “Add a code” button and/or a ＋ sign at the bottom right of the screen. Navigating to either will lead you to “Enter a setup key”. 
• Click on “Enter a setup key”, you will be presented with an interface to type account name, your key and type of key to select.
• Choose an account name of your choice, which will help you to identify the account.
• In the “Configure multi-factor authentication” dialog shown in Fig 1, you should see the  icon. Clicking on it will reveal the multifactor authentication key.
• You will have to enter the value in the “Your key” field. NetBackup Flex Sale supports time-based one-time password authentication, so make sure the “Type of key” field is selected as time-based. Finalize the change by clicking on ‘Add’.
• The application should now start displaying a one-time password.  

 
Okta Authenticator

QR code scan: 

• Open the application on your device.
• You may notice the “Add a code” button or a ＋ sign at the top right corner of the screen.
• Choice of account type may be governed by your organizational policies. This document assumes “Other” as selection.
• Navigating to “Scan a QR code”will present a quick response (QR) code scanner.
• Scanning the QR code shown on the “Configure multi-factor authentication” dialog as shown in Fig 1, will register your multifactor authentication secret on your device. 

• The application should now start displaying a one-time password. 

Manual multifactor registration: 

• Open the application on your device.
• You may notice the “Add a code” widget or a ＋ sign on the top right of the screen. 
• Choice of account type may be governed by your organizational policies. This document assumes “Other” as selection.
• You may notice the “Enter Key Manually” navigation widget.  Navigating on it will present an interface to setup “Account name” of your choosing.
• Shifting your focus on NetBackup Flex Sale GUI application’s “Configure multi-factor authentication” dialog shown in Fig 1, you should see the  icon. Clicking on it will reveal the multifactor authentication key.
• You will have to type the value of “Key” displayed on the NetBackup Flex Sale GUI “Configure multi-factor authentication” dialog in Okta’s “Key” field. Finish the task by navigating to “Add Account”.
• The application should now start displaying a one-time password. 

Multifactor Authentication properties 

In the event your organization uses its custom TOTP implementation, the following table details implementation properties as recommended by RFC-6238. 

Fig 1.  

Example “Configure multi-factor authentication”: