Set two-factor authentication (2FA) for Users
Administrators can enable two-factor authentication for their Users to add another layer of identity verification.
Administrators can enable two-factor authentication for their Users to add another layer of identity verification. Once two-factor authentication is enabled, a TOTP Authenticator application (for example, Google Authenticator) must provide an authentication code at subsequent sign ins. The authentication check is performed, as applicable, whenever the User/Administrator attempts to:
Sign in to the User/Administration portal.
Sign in with the OpenVPN Connect app to add a connection Profile.
Connect to WPC using the OpenVPN Connect app.
The Administrator can choose to allow Users to skip 2FA on trusted devices. If allowed, the User isn’t prompted for 2FA authentication on a trusted device for 30 days after the initial 2FA authentication.
Note
CloudConnexa provided 2FA can be used only if user authentication uses LDAP or CloudConnexa (Email/Password) authentication. When SAML is used for user authentication, the SAML Identity Provider configuration for 2FA is applicable.
Note
The Owner must set 2FA by going to My Account's Security & Privacy tab, refer to Video: Configure MFA For Your OpenVPN Account. The 2FA setting described below only applies to Users and Administrators of the WPC.
The default setting for 2FA authentication for Users is OFF. To turn this setting on/off, follow the steps below:
Navigate to Settings > User Authentication.
Click Edit, which is located in the top right corner.
Toggle the Two-Factor Authentication switch ON/OFF.
You can select or deselect the Allow Trusted Devices checkbox when the Two-Factor Authentication switch is ON.
Click Update.
Check that the details shown in the confirmation dialog box are correct, and click Confirm.