Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Manage Your Two-Factor Authentication Options

Overview

When enabled, Ops Manager requires two-factor authentication to help users control access to their Ops Manager accounts. To log into Ops Manager, a user must provide their password (i.e. “something you know”), as well as a second time-sensitive verification code, delivered during authentication (i.e. “something you have”). By requiring both factors, Ops Manager can grant authentication requests with a higher degree of confidence.

Ops Manager users receive verification codes through text messages (SMS), automated voice calls or an application that implements the Time-based One-time Password Algorithm (TOTP), such as the Google Authenticator application. Users can configure two-factor authentication mechanisms when signing up for Ops Manager or in the Account page in Ops Manager Settings.

Note

To enable or disable two-factor authentication for the entire Ops Manager environment, see Manage Two-Factor Authentication for Ops Manager.

Authentication with Text or Voice Messages

Users can receive verification codes through text or voice by providing phone numbers when setting up their Ops Manager profiles. When a user needs a code, Ops Manager sends the code using text (SMS) or through an automated phone call that reads out the code.

Certain network providers and countries may impose delays on SMS messages. Users who experience delays should consider Google Authenticator for verification codes.

Note

From India, use Google Authenticator for two-factor authentication. Google Authenticator is more reliable than authentication with SMS text messages to Indian mobile phone numbers (i.e. country code 91).

Authentication using Google Authenticator

Google Authenticator is a smartphone application that uses TOTP to generate verification codes. When a user needs a code, the application generates a time-based code based on a private key that was shared between Ops Manager and the user’s Google Authenticator application during the initial pairing process.

The Google Authenticator application does not require a Google account and does not connect a user’s Ops Manager account to Google in any way. The has both iOS and Android versions, and the user does not need to associate the application with a Google account. Ops Manager two-factor authentication using Google Authenticator is not in any way integrated with Google’s own account authentication mechanisms, and Ops Manager does not provide two-factor authentication codes to Google.

Other Two Factor Authentication Implementations

There are implementations of the Time-based One-time Password Algorithm (TOTP) other than Google Authenticator. For example, the Authenticator application for Windows Phones. Ensure that whichever devices runs the TOTP application has its own set of robust authentication requirements. For other implementations of TOTP, consider the list of TOTP implementations on Wikipedia.

Two-Factor Authentication on a Shared Account

A global team that shares the same Ops Manager account can use Google Authenticator and use the same seed code for all team members. To generate a common seed code that all team members can use, select the Can’t scan the barcode? link when Configuring Two-Factor Authentication with Google Authenticator.

Configure Two-Factor Authentication with Text or Voice

1

In Ops Manager, click Settings, then Account.

2

Select the pencil icon for Two Factor Authentication.

Or, if this is the first time you are setting up an account, click the Configure button to the right side of the Account page and follow the instructions.

3

Select Use Voice/SMS.

4

Enter the phone number for the phone that will receive the codes.

If you are outside of the United States or Canada, you must include 011 and your country code. Alternatively, you can sign up for a Google Voice number and use that number for your authentication.

5

Select how to receive the codes.

Select either Text message (SMS) or Voice call (US/Canada only).

6

Click Send Code.

Ops Manager sends the codes to your phone.

7

Enter the code in the box provided in Ops Manager and click Verify.

8

Click Save Changes.

Configure Two-Factor Authentication with Google Authenticator

1

Install Google Authenticator from either the Google Play store or the iOS Apple Store, depending on your device.

2

Run Google Authenticator.

3

Click Begin Setup.

4

When prompted, select how you will enter the shared private key.

Under Manually Add an Account, select either Scan a barcode or Enter provided key. Stay on this screen while you use the next steps to access the barcode or key in Ops Manager.

5

In Ops Manager, click Settings, then Account.

6

Select the pencil icon for Two Factor Authentication.

Or, if this is the first time you are setting up an account, click the Configure button to the right side of the Account page and follow the instructions.

7

Select Use Google Authenticator.

Ops Manager provides a barcode and a Can’t scan the barcode? link.

8

Scan or enter the shared private key.

If your smartphone can scan barcodes, then scan the barcode. Otherwise, click Can’t scan the barcode? and type the provided Key into your smartphone.

9

Enter the Google Authenticator code in Ops Manager.

After you scan the barcode or enter the key, Google Authenticator generates a 6-digit code. Enter that in the box provided in Ops Manager and click Verify.

10

Click Save Changes.

Generate New Recovery Codes

As a backup, you can generate recovery codes to use in place of a sent code when you do not have access to a phone or your Google Authenticator application. Each recovery code is single-use, and you should save these codes in a secure place. When you generate new recovery codes, you invalidate previously generated ones.

1

In Ops Manager, click Settings, then Account.

2

Select the pencil icon for Two Factor Authentication.

Or, if this is the first time you are setting up an account, click the Configure button to the right side of the Account page and follow the instructions.

3

Select Generate New Recovery Codes.

Keep the codes in a safe place. Each code can be used in conjunction with your username and password to not only access Ops Manager but to reset your security settings on Ops Manager.