Enabling Multi-factor Authentication
API Portal provides multi-factor authentication (MFA) that requires the use of a one-time password to verify a user's identity for a login. You can enable this feature in the API Portal user management console.
To enable multi-factor authentication
1. Log on to UMC as an Administrator.
2. Click Configuration.
3. Click Security > Multi-factor authentication in the left navigation pane.
4. Click 
. 5. Select Use multi-factor authentication to enable it.
Alternatively, you can also set the configuration property com.aris.umc.authentication.multiFactor.active as true under Configuration > All section.
Note: | You can provide a value for Clock skew intervals or use the configuration property com.aris.umc.authentication.multiFactor.clockSkew to set the interval for which the generated OTP is valid. Each interval is 30s. |
Note: | When MFA is enabled and you want few users to be excluded from MFA, you can add the users, comma separated if there are multiple entries, under the Excluded users. By default all the system users are included in this list. |
6. To generate and send out a secret token to users who were onboarded before enabling multi-factor authentication, do the following:
a. Click Configuration.
b. Click All in the left navigation pane.
c. Ensure that the property com.aris.umc.notification.otpSecretChanged.enabled is set to true.
d. Click User management in the title navigation bar.
e. Click the required user.
f. Click Generate token secret.
A new token is generated and sent to the respective user.
Note: | The user receives a mail with the token secret which can be used to generate an OTP to log on to API Portal. |
These steps must be performed for every user who was onboarded before MFA was enabled.
