- Install On Prem MMS >
- Global Application Configuration >
- Manage Two-Factor Authentication for On Prem MMS
Manage Two-Factor Authentication for On Prem MMS¶
On this page
Overview¶
When enabled, two-factor authentication requires a user to enter a verification code to log in and to perform certain protected operations. Operations that require two-factor authentication include:
- restoring and deleting snapshots,
- stopping and terminating Backup for a sharded cluster or replica set,
- inviting and adding users,
- generating new two-factor authentication backup codes, and
- saving phone numbers for two-factor authentication.
Administrators with access to the MMS Application’s
<install_dir>/conf/conf-mms.properties
file on your servers can enable
two-factor authentication through the file’s
mms.multiFactorAuth.require
setting. Administrators can also enable
two-factor authentication to use Twilio to send verification codes to uses.
Users configure two-factor authentication on their accounts through their MMS user profiles, where they select whether to receive their verification codes through voice calls, text messages (SMS), or the Google Authenticator application. If your organization does not use Twilio, then users can receive codes only through Google Authenticator.
Administrators can reset accounts for individual users as needed. Reseting a user’s account clears out the user’s existing settings for two-factor authentication. When the user next performs an action that requires verification, MMS forces the user to re-enter settings for two-factor authentication.
Procedures¶
Enable Two-factor Authentication¶
Open the MMS Application Server’s conf-mms.properties
file.¶
The conf-mms.properties
file is located in the
<install_dir>/conf/
directory.
Set the mms.multiFactorAuth.require
property to true
.¶
Restart the MMS Application.¶
Enable Twilio Integration¶
Configure Twilio integration.¶
Configure Twilio integration through the Twilio settings in the MMS Application’s conf-mms.properties
file.
Restart the MMS Application.¶
For example:
Reset a User’s Two-factor Authentication Account¶
Reseting the user’s account clears out any existing two-factor authentication information. The user will be forced to set it up again at the next login.
You must have the global user admin
or global owner
role to perform this procedure.
Open On Prem MMS Administration.¶
To open Administration, click the Admin link in the On Prem MMS banner.