- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
Enabling Multi-factor authentication
About this task
Steps
-
Go to
.
The One-Time Password (OTP)- Authenticator Apps is disabled.
-
Click
Disabled and scroll the toggle option, to enable One-Time Password (OTP) Based Authentication.
The OTP status is enabled. A dialogue window is displayed with information on Bypass Accounts.NOTE: In PowerProtect Data Manager Appliance, when MFA is enabled, only the admin role is able to shutdown the appliance as this is a default account added in bypass account list. Other role accounts are not allowed to shutdown the appliance.
Any other administrator role user can only perform the appliance shutdown, if the account is added to the Bypass account list.
-
Click
View authentication settings to display the default settings value.
NOTE:Users are not allowed to modify these setting values.
- OTP Type : By default, Time-Based OTP is displayed. The server validates the OTP by comparing the hashes within a window of time to the submitted value. TOTPs are valid for a short window of time.
- Hash algorithm : The hashing algorithm used by token generator. By default, SHA256 is displayed.
- Number of digits : Length of the OTP, which is set to 6 by default.
- Look ahead window : The number of intervals the server attempts to match the hash. The default value of 1 is adequate. For example, if the time interval for a token is 30 seconds, the default value of 1 means it will accept valid tokens in the 90-second window (time interval 30 seconds + look ahead 30 seconds + look behind 30 seconds). Every increment of this value increases the valid window by 60 seconds (look ahead 30 seconds + look behind 30 seconds).
- Supported Application : By default, Google Authenticator appliance is set.
- Retry count : The number of wrong OTPs provided, that can lock an account. 3 is the default value.
- Token period : The time interval, the token generator takes in seconds to generate a new TOTP. The default value of time period is set to 15 seconds.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\