Multi-Factor Authentication with 3rd-party Authenticators
When multi-factor authentication (MFA) is enabled for PrivX users, they are required to input a time-based PIN code (in addition to their account password) to log into PrivX.
PrivX users must set up and use an authenticator app (such as Authy or Google Authenticator) to log in with MFA.
MFA Setup
In PrivX, MFA is enabled/disabled per user directory:
On the Administration→Directories page, Edit a directory entry.
Expand Advanced directory settings. Under the Multi-factor authentication settings section, set the MFA type. Set it to TOTP MFA (time-based) to enable MFA; set it to Disabled to disable MFA.
Click Save to apply the changes.
Loggin in with MFA
When MFA is enabled, PrivX users can obtain their MFA code and log in as follows:
Log into PrivX normally, using your user name and password.
If you have not done so before, you will be asked to import your MFA code. This allows you to obtain PIN codes for MFA login.
Scan or enter the code into your authenticator app (such as Authy or Google Authenticator). After this, your authenticator app should display 6-digit time-based PIN codes.
Click Next to proceed.
Enter the PIN code displayed in your authenticator app. After this you should be logged into the PrivX GUI.
Reobtaining MFA Codes
If a PrivX user has lost their MFA code, you can set PrivX to offer a new MFA code upon their next login:
On the Settings→Users page, click the user who needs a new MFA code.
Under Multi-factor authentication, click ☰ and select Reset MFA Pairing. Verify that the Multi-factor authentication status is updated to Enabled, not activated.
The user is prompted to import a new MFA code upon their next PrivX login.