Lyve Cloud Documentation

Using multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a security mechanism that adds a layer of protection to the sign-in process to access the Lyve Cloud console. Choose the one-time password (OTP) option (using third-party authenticator apps such as Google, Microsoft, or Oracle Mobile Authenticator) or the SMS text message as the second level of authentication.

By default, MFA is configured for all Lyve Cloud users, and users must go through an additional registration step to complete MFA setup. The registration occurs during their first successful sign-in attempt. Users are then prompted to use the second level of authentication for subsequent login attempts. This setting cannot be changed to disable MFA.

About MFA

MFA configuration provides these 2nd-factor authentication options:

  • Password + SMS text message: Sets password and SMS as a two-factor authentication policy for users to sign in to the Lyve Cloud console.

  • Password + One-Time Password (OTP): Sets password and OTP as a two-factor authentication policy for users to sign in to the Lyve Cloud console. To use OTP, users must download a third-party authenticator to their phone.

MFA login workflow
[Figure: MFA login workflow]
How does MFA work?
If MFA is enrolled

All IAM users are required to set up their 2nd-factor authentication separate from their password. Users must log in to the Lyve Cloud console using the 2nd-factor authentication. For more information, see MFA login workflow.

Users can choose one of these MFA methods:

  • Using the authenticator app: The authenticator app must be installed on your phone. Use the authenticator app to scan the QR code during the MFA enrollment. This enables the one-time password (auto-generated every 30 seconds) to be entered whenever you log in to Lyve Cloud.

  • Using an SMS service: Use any mobile device with a phone number able to receive SMS text messages. When an MFA code is needed, Lyve Cloud sends a six-digit verification code to the phone number configured by the IAM user. Text messaging charges from the mobile carrier apply when choosing SMS-based MFA.

    When a user attempts to log in to Lyve Cloud, a code is sent via SMS, which the user has to enter to complete the transaction.

If MFA is not enrolled

If a user (new or existing) has set a password as the first method of authentication but has not enrolled in MFA, the user is prompted to enroll using either the SMS service or the authenticator app after a successful login with the password.

Users are not allowed to log in to the Lyve Cloud console if they do not enroll in MFA.

Users login workflow
[Figure: Users login workflow]
Enrolling in MFA

MFA is configured for all Lyve Cloud users in the account to include an additional verification method. You can enroll after you have set the password. For more information, see Registration workflow for password authentication type.

Procedure. To enroll in MFA:

You must set up the required MFA enrollment to access Lyve Cloud. Every time you log in to Lyve Cloud, you must follow the two-step authentication process. Lyve Cloud requests users to enter the OTP generated from the authenticator application or SMS.

  1. Log in to Lyve Cloud using your credentials.

  2. Select the authenticator app or SMS as your second authentication method:

    • If you choose the authenticator app option, scan the QR code from the authenticator app on your phone.

      • Enter the one-time passcode (OTP) displayed on the authenticator app and select Submit.

        Note

        Use any 3rd-party authenticator app such as Google, Microsoft or Oracle Mobile Authenticator. The authenticator app generates a random OTP that expires within a time limit.

    • If you choose to use SMS, select the "I'd rather use SMS" link located below the QR code field.

      1. Select the Country code.

      2. Enter the phone number to receive the SMS passcode and select Continue.

      3. Enter the code received on your phone as an SMS and then select Submit.

  3. Once the verification code is entered, save the recovery code.

    Note

    Save a copy of the secret key in a secure place. If you lose the MFA device, you can use the recovery code to log in.

    The recovery code allows one-time login to the Lyve Cloud console.

  4. Select the "I have safely recorded this code" checkbox and select Submit to complete MFA enrollment.

Resetting MFA for an individual IAM user

The Reset MFA feature allows admins to reset the IAM users' MFA enrollment. The reset action removes the old MFA entry. The user will then be unable to sign in to the Lyve Cloud console until they reset the MFA.

Make sure the users have an active phone number if you want to set Password + SMS Text Message, or an authenticator app installed on their phone if you want to set Password + One-Time Password (OTP) as your authentication type.

Procedure. To reset MFA:

  1. On the left-hand menu, select Users. A list of users is displayed on the Users page.

  2. Select the ellipsis next to the user, then select Reset MFA.

  3. To reset that user’s MFA, select Yes.

After MFA is reset, users must re-enroll in MFA. See Enrolling in MFA.