Manage Two-Factor Authentication for Ops Manager
Overview
When enabled, two-factor authentication requires a user to enter a verification code to log in and to perform certain protected operations. Operations that require two-factor authentication include:
- restoring and deleting snapshots,
- stopping and terminating Backup for a sharded cluster or replica set,
- inviting and adding users,
- generating new two-factor authentication backup codes, and
- saving phone numbers for two-factor authentication.
Administrators with access to the Ops Manager Application’s conf-mms.properties configuration file can enable two-factor authentication through the file’s mms.multiFactorAuth.level setting. Administrators can also enable two-factor authentication to use Twilio to send verification codes to users via SMS or voice call.
Users configure two-factor authentication on their accounts through their Ops Manager user profiles, where they select whether to receive their verification codes through voice calls, text messages (SMS), or the Google Authenticator application. If your organization does not use Twilio, then users can receive codes only through Google Authenticator.
Administrators can reset accounts for individual users as needed. Resetting a user’s account clears out the user’s existing settings for two-factor authentication. When the user next performs an action that requires verification, Ops Manager forces the user to re-enter settings for two-factor authentication.
Procedures
Enable Two-factor Authentication
Open the Ops Manager Application’s conf-mms.properties file.
The conf-mms.properties file is located in the <install_dir>/conf/ directory. See Ops Manager Configuration for more information.
Set the mms.multiFactorAuth.level property to OPTIONAL, REQUIRED, or REQUIRED_FOR_GLOBAL_ROLES.
When mms.multiFactorAuth.level is OPTIONAL, users can choose to set up two-factor authentication for their Ops Manager account.
When mms.multiFactorAuth.level is REQUIRED, all users must set up two-factor authentication.
When mms.multiFactorAuth.level is REQUIRED_FOR_GLOBAL_ROLES, users who possess a global role must set up two-factor authentication, while two-factor authentication is optional for all other users.
Restart the Ops Manager Application.
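An added example, not part of the Ops Manager documentation: a Python check that reads the text of conf-mms.properties and reports whether mms.multiFactorAuth.level makes two-factor enrollment mandatory. The pass/fail policy, the function names, the sample file contents, and the assumption that the file follows java.util.Properties parsing rules are all illustrative.

```python
import re
import sys

KEY = "mms.multiFactorAuth.level"
# The three values this page documents for the setting.
KNOWN_LEVELS = {"OPTIONAL", "REQUIRED", "REQUIRED_FOR_GLOBAL_ROLES"}

# Constructed sample, not a real Ops Manager configuration file.
SAMPLE = """\
example.other.setting=value
#mms.multiFactorAuth.level=REQUIRED
mms.multiFactorAuth.level = OPTIONAL
mms.multiFactorAuth.level=REQUIRED_FOR_GLOBAL_ROLES
"""

def read_level(properties_text):
    """Return the effective value of KEY, or None when it is not set.

    Assumes java.util.Properties rules: '#'/'!' comments, '=', ':' or
    whitespace separators, and the last assignment of a repeated key
    wins. Line continuations (trailing backslash) are not handled.
    """
    level = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m and m.group(1) == KEY:
            level = m.group(2).strip()
    return level

def assess(properties_text, require_all_users=False):
    """Assumed audit policy: pass only if enrollment is mandatory."""
    level = read_level(properties_text)
    if level is None:
        return ("FAIL", KEY + " is not set in this file")
    if level not in KNOWN_LEVELS:
        return ("FAIL", "value %r is not one of the documented levels" % level)
    if level == "OPTIONAL":
        return ("FAIL", "enrollment is left to each user")
    if level == "REQUIRED_FOR_GLOBAL_ROLES" and require_all_users:
        return ("FAIL", "only users with a global role must enroll")
    return ("PASS", "level is " + level)

if __name__ == "__main__":
    # Usage: python check_2fa.py <install_dir>/conf/conf-mms.properties
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    status, reason = assess(text)
    print(status + ": " + reason)
    sys.exit(0 if status == "PASS" else 1)
```

The check reads the file on disk only; a changed value takes effect after the Ops Manager Application is restarted, as the last step above requires.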
Enable Twilio Integration
Configure Twilio integration.
Configure Twilio integration through the Twilio settings in the Ops Manager Application’s conf-mms.properties file.
Restart the Ops Manager Application.
For example:
Reset a User’s Two-factor Authentication Account
Resetting the user’s account clears out any existing two-factor authentication information. The user will be forced to set it up again at the next login.
You must have the global user admin or global owner role to perform this procedure.
Open Ops Manager Administration.
To open Administration, click the Admin link in the Ops Manager banner.