My webMethods Server and Multi-Factor Authentication
You can configure My webMethods Server to require two-factor authentication with a time-based one-time password (TOTP). My webMethods users can get a temporary pass code through a preconfigured authenticator application, and supply the code on a dedicated screen, before logging in to My webMethods with their credentials.
Alternatively, you can develop a custom authentication scheme and customize the login page for My webMethods to require both the TOTP code and user credentials on a single screen using the My webMethods Server API. For more information, see webMethods CAF and My webMethods Server Java API Reference.
Implementing a two-factor authentication flow with a time-based one-time password in My webMethods Server requires the following:
- A valid e-mail server configuration. For information about how to configure an e-mail server for My webMethods Server, see Managing Email Settings.
- A valid e-mail address, configured on the User Information page for every user that must access My webMethods using a time-based one-time password.
- A valid TOTP configuration.
- For each My webMethods user, an authenticator application, configured with the shared secret that My webMethods Server generates on the User Information page for the user.
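How the shared secret and the clock together produce the pass code, and how a verifier can tolerate clock drift while rejecting a replayed code, shown as an added example that is not My webMethods Server code or part of the original page. It assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits) and a base32-encoded secret; the real values come from the server's TOTP configuration, and `verify`, `window` and `last_used_step` are hypothetical names.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6, algo=hashlib.sha1):
    """Return the RFC 6238 code for the time step that contains unix_time."""
    # Authenticator apps often display the secret as unpadded, spaced base32.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, last_used_step=None,
           step=30, digits=6):
    """Return the time step the code matched, or None if it is rejected.

    window is the number of steps of clock drift accepted on each side.
    last_used_step is the step of the last accepted code for this user;
    codes from that step or earlier are refused, so a captured code
    cannot be replayed while it is still inside the window.
    """
    current = int(unix_time) // step
    matched = None
    for s in range(max(0, current - window), current + window + 1):
        if last_used_step is not None and s <= last_used_step:
            continue
        expected = totp(secret_b32, s * step, step, digits)
        # Constant-time comparison of the expected and submitted codes.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = s
    return matched


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step late:", verify(SECRET, code, 89))
    print("rejected three steps late:", verify(SECRET, code, 149))
    print("rejected as replay:", verify(SECRET, code, 89, last_used_step=1))
```

The caller stores the returned step as the user's `last_used_step` after a successful login; a wider `window` tolerates more drift between the server and the user's device at the cost of a longer validity period for each code.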