Administrators can log into the Cortado MDM administration portal via a Two-Factor Authentication.
Aim
In this How-To we will show you how to set up the Two-Factor Authentication.
Implementation
Configure authentication method in the Administration Portal
Start by determining which authentication methods are usually permitted for the administration portal. By default, all available methods are activated.
- To do this, open the administration portal under Administration→ Administrators→ Configure (arrow in illus.).
To use the Two-Factor Authentication, the corresponding checkbox must be activated (arrow in illus.).
Enable two-factor authentication
- Then select Account→ Manage Account (arrow in illus.).
- Then select Two-Factor Authenticaton in the menu in the left column (left arrow in illus.).
- Then enable the slider (right arrow in illus.).
- Download an authentication app (for example Google Authenticator) onto your smartphone (left illus.).
- In the app, select either ScanQRcode (upper arrow in the right illus.) or Enterthesetupkey (lower arrow in the right illus.).
- Now either scan the QR code with the app or enter the setup key (see illus.).
- Following that, a verification code will appear in the authenticator app on the smartphone. Enter the verification code in the administration portal (arrow in the illus.) and then click on Verify.
After the successful configuration, you will be presented with several recovery codes. You can use these codes if you lose your smartphone and no longer have access to the authenticator app. Be sure to keep these recovery codes in a safe place.
Whenever you are logged in to the administration portal, you are able to reset your recovery codes and generate new codes at any time.
The next time you log in to the administration portal, as well as your user name and password, you will have to enter a new verification code from the authenticator app (arrow in the illus.). Or, alternatively, you can use a recovery code.
Disable two-factor authentication/reset authenticator key
- To (temporarily) disable two-factor authentication, use the slider (upper arrow in illus.). The two-factor authentication will then be switched off.
- In this case, the keys stored in the Authenticator app will remain and will not be changed. If you enable two-factor authentication again later, everything will work as before.
- If you had to log in with a recovery code because you no longer have access to your mobile device with the Authenticator app, use the Reset Authenticator Key option instead (lower arrow in illus.).
- The Authenticator key and recovery codes will then be deleted and two-factor authentication will be disabled.
- To use two-factor authentication again, you need to reconfigure the Authenticator app as described above.