When multi-factor authentication (MFA) is enabled for PrivX users, they are required to input a time-based PIN code (in addition to their account password) to log into PrivX.

📘

Note

PrivX users must set up and use an authenticator app​​ (such as Authy or Google Authenticator) to log in with MFA.

MFA Setup

In PrivX, MFA is enabled/disabled per user directory:

1. On the ​Settings→Directories​ page, ​Edit​​ a directory entry.

2. Expand ​Advanced directory settings​​. Under the ​Multi-factor authentication settings​ section, set the ​MFA type​​. Set it to ​TOTP MFA (time-based)​ to enable MFA; set it to ​Disabled​​ to disable MFA.

3. Click ​Save​​ to apply the changes.

Logging in with MFA

When MFA is enabled, PrivX users can obtain their MFA code and log in as follows:

1. Log into PrivX normally, using your user name and password.

2. If you have not done so before, you will be asked to import your MFA code. This allows you to obtain PIN codes for MFA login.

   

   Scan or enter the code into your authenticator app (such as ​Authy​ or ​Google Authenticator​​). After this, your authenticator app should display 6-digit time-based PIN codes.

   Click Next to proceed.

3. Enter the PIN code displayed in your authenticator app. After this you should be logged into the PrivX GUI.

Reobtaining MFA Codes

If a PrivX user has lost their MFA code, you can set PrivX to offer a new MFA code upon their next login:

1. On the ​Settings→Users​​ page, click the user who needs a new MFA code.

2. Under ​Multi-factor authentication​​, click ☰ and select ​Reset MFA Pairing​​. Verify that the ​Multi-factor authentication​ status is updated to ​Enabled, not activated​​.

   The user is prompted to import a new MFA code upon their next PrivX login.