Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is a security method that requires two different forms of verification to confirm a User's identity, significantly strengthening the security of UDMG Admin UI. By requiring not only a username and password but also a one-time code from an external authenticator app, 2FA protects against unauthorized logins even if primary credentials are compromised. TOTP (Time-based One-Time Password) codes refresh every 30 seconds, ensuring that intercepted codes quickly become useless to attackers. This additional security layer is essential for protecting sensitive systems and meeting compliance requirements in enterprise environments.
Once enabled for a User, enrollment is required at the next login. After enrollment, the User must provide both their primary credentials (Standard or LDAP) and a valid TOTP code to access UDMG Admin UI.
2FA is supported only for Users with Standard or LDAP authentication as their Login Method. It is not available for Users with Single Sign-On (SAML / OIDC) authentication or Accounts.
2FA Configuration
2FA is configured at the User level, and thus at the Domain level. To require 2FA for a User, follow these steps:
- From the Sidebar, click General > Users.
- Click the Username of the User you want to edit. The User's Login Method must be set to Standard or LDAP.
- Click the Edit button above the User details.
- Enable the Require Two-Factor Authentication (TOTP) toggle.
- Click Update.
Only Admin Users can enable or disable 2FA.
2FA Enrollment
When 2FA is enabled, Users must enroll in an external authenticator app at their next login and provide a TOTP code for every subsequent login. The enrollment process uses an intuitive guided modal with three streamlined steps: Configure, Verify, and Activate. This one-time setup ensures secure access while maintaining a user-friendly experience.
Configure
- From the modal, scan the QR code with your preferred authenticator app.
- If you're having trouble scanning the QR code, click the Can't Scan It? link.
- Manually enter the Secret Key, Issuer, and Account (Username) into your authenticator app.
- The authenticator app will display a new account entry for UDMG Admin UI.
Verify
- Enter the 6-digit code from your authenticator app. You typically have 30 seconds to enter the code before a new one is generated.
- Click Next.
Activate
- You should see a "Setup Complete!" message. If not, click Back and enter a new code.
- Click Continue.
- You'll be automatically redirected to the UDMG Admin UI landing page.
2FA Reset
If a User loses access to their authenticator app (for example, due to a lost or replaced device), an Admin must reset their 2FA enrollment. Resetting the User's 2FA clears the stored TOTP secret and enrollment status, allowing the User to re-enroll at their next login.
To reset 2FA for a User, follow these steps:
- From the Sidebar, click General > Users.
- Click the Username of the User you want to reset.
- Click the Reset TOTP button above the User details and confirm the action.
- The User will be prompted to set up 2FA again at their next login.
Only Admin Users can reset 2FA. Users cannot reset their own enrollment.