My webMethods Server and Multi-Factor Authentication
 
Configuring Multi-Factor Authentication with Time-Based One-Time Passwords
You can configure My webMethods Server to require two-factor authentication with a time-based one-time password (TOTP). My webMethods users can get a temporary pass code through a preconfigured authenticator application, and supply the code on a dedicated screen, before logging in to My webMethods with their credentials.
Alternatively, you can develop a custom authentication scheme and customize the login page for My webMethods to require both the TOTP code and user credentials on a single screen using the My webMethods Server API. For more information, see webMethods CAF and My webMethods Server Java API Reference.
Implementing a two-factor authentication flow with a time-based one-time password in My webMethods Server requires the following:
* A valid e-mail server configuration. For information about how to configure an e-mail server for My webMethods Server, see Managing Email Settings.
* A valid e-mail address, configured on the User Information page for every user that must access My webMethods using a time-based one-time password.
* A valid TOTP configuration.
* For each My webMethods user, an authenticator application, configured with the shared secret that My webMethods Server generates on the User Information page for the user.
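The following added example (not code from My webMethods Server or its documentation) shows how an authenticator application and a verifying server derive the same code from the shared secret, and how a verifier can tolerate clock skew while rejecting reused codes. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits) and a base32-encoded secret; the values a given installation uses come from its TOTP configuration, and `DEMO_SECRET`, `totp` and `verify` are hypothetical names.

```python
import base64
import hashlib
import hmac
import struct

# Assumed parameters (RFC 6238 defaults), not taken from My webMethods Server.
PERIOD = 30   # seconds per time step
DIGITS = 6    # length of the one-time code

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, period=PERIOD, digits=DIGITS):
    """Return the code for Unix time `at`, as an authenticator app would."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    counter = struct.pack(">Q", int(at) // period)    # 8-byte big-endian step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at, last_step=-1, window=1, period=PERIOD):
    """Return the matched time step, or None if the code is rejected.

    window    -- time steps of clock skew accepted on each side
    last_step -- highest step already accepted for this user (replay guard)
    """
    now_step = int(at) // period
    matched = None
    for step in range(now_step - window, now_step + window + 1):
        expected = totp(secret_b32, step * period, period)
        # Constant-time comparison; no early exit from the loop.
        same = hmac.compare_digest(expected.encode(), code.encode())
        if same and step > last_step:
            matched = step
    return matched

if __name__ == "__main__":
    print(totp(DEMO_SECRET, 59))                            # code at t=59
    print(verify(DEMO_SECRET, "287082", 89))                # accepted via skew window
    print(verify(DEMO_SECRET, "287082", 59, last_step=1, window=0))  # replay
```

A caller would store the returned step per user and pass it back as `last_step` on the next login, so a code that has been accepted once cannot be used again within its validity window.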