Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Manage Two-Factor Authentication for On Prem MMS

On this page

Overview

When enabled, two-factor authentication requires a user to enter a verification code to log in and to perform certain protected operations. Operations that require two-factor authentication include:

  • restoring and deleting snapshots,
  • stopping and terminating Backup for a sharded cluster or replica set,
  • inviting and adding users,
  • generating new two-factor authentication backup codes, and
  • saving phone numbers for two-factor authentication.

Administrators with access to the MMS Application’s <install_dir>/conf/conf-mms.properties file on your servers can enable two-factor authentication through the file’s mms.multiFactorAuth.require setting. Administrators can also enable two-factor authentication to use Twilio to send verification codes to uses.

Users configure two-factor authentication on their accounts through their MMS user profiles, where they select whether to receive their verification codes through voice calls, text messages (SMS), or the Google Authenticator application. If your organization does not use Twilio, then users can receive codes only through Google Authenticator.

Administrators can reset accounts for individual users as needed. Reseting a user’s account clears out the user’s existing settings for two-factor authentication. When the user next performs an action that requires verification, MMS forces the user to re-enter settings for two-factor authentication.

Procedures

Enable Two-factor Authentication

1

Open the MMS Application Server’s conf-mms.properties file.

The conf-mms.properties file is located in the <install_dir>/conf/ directory.

2

Set the mms.multiFactorAuth.require property to true.

copy 
mms.multiFactorAuth.require=true
3

Restart the MMS Application.

copy 
sudo service mongodb-mms start

Enable Twilio Integration

1

Configure Twilio integration.

Configure Twilio integration through the Twilio settings in the MMS Application’s conf-mms.properties file.

2

Restart the MMS Application.

For example:

copy 
sudo service mongodb-mms start

Reset a User’s Two-factor Authentication Account

Reseting the user’s account clears out any existing two-factor authentication information. The user will be forced to set it up again at the next login.

You must have the global user admin or global owner role to perform this procedure.

1

Open On Prem MMS Administration.

To open Administration, click the Admin link in the On Prem MMS banner.

2

Select the Users page.

3

Locate the user and click the pencil icon on the user’s line.

4

Select the Clear Two Factor Auth checkbox.

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.