Configure two-factor authentication

  1. On the top navigation bar, click System.

  1. From the left navigation pane, select System Settings > Security Settings > Certificate Config > Authentication Policies.

  1. Select 2FA.

  1. Enable the two-factor authentication service.

  1. Configure the two-factor authentication parameters.

Table-1 Configuring two-factor authentication parameters

Parameter

Description

2FA Mode

Select a two-factor authentication mode, including email, phone, FEITIAN, AISEC, and third-party 2FA authentication.

Email/Phone

Configure the verification code lifetime and verification code. Email and phone authentications take effect on all users in the system. To use either authentication mode, all users need to configure email address and phone number for receiving verification code in login authentication. In addition, you need to configure email or SMS notification settings. For more information, see Configure notification settings.

  • Verification Code Lifetime: Select the verification code lifetime.

  • Verification Code: Click Send to obtain a verification code through the connected email or phone, and enter the received verification code on the page before the verification code lifetime expires. If the verification is passed, the authentication settings take effect.

FEITIAN Authentication/ AISEC Authentication/ Third-Party 2FA

Configure FEITIAN, AISEC, or third-party 2FA authentication. After the two-factor authentication settings take effect, you must select the users to authenticate in login. The users need to obtain verification code through a third-party platform.

  • FEITIAN Authentication: Log in to FEITIAN OTP Authentication Server to download an authentication proxy file, click Select File to upload the file to the system, and then click OK. The authentication settings take effect.

  • AISEC Authentication: Enter an AISEC authentication server address and click OK. The system will perform verification automatically. If the verification is passed, the authentication settings take effect.

  • Third-Party 2FA: Enter a customized service name and a third-party verification interface address. Then click OK. The system will perform verification automatically. If the verification is passed, the authentication settings take effect.

 

  1. (Optional.) Select the users to perform FEITIAN, AISEC, or third-party 2FA authentication.

  1. On the top navigation bar, click System.

  1. From the left navigation pane, select Access Control > User > Local User.

  1. Select the target users.

  1. Click Permit FEITIAN Authentication, AISEC Authentication, or Third-Party 2FA.

  1. In the dialog box that opens, click OK.

If the users do not need to perform FEITIAN, AISEC, or third-party 2FA authentication, select the users, and click Deny FEITIAN Authentication, AISEC Authentication, or Third-Party 2FA.