Configuring 2FA for system administrators

To set up 2FA for your account

Admin panel

  1. Install an authenticator app, such as Google Authenticator or Microsoft Authenticator, on your mobile device.
  2. In the admin panel, click the profile icon in the top-right corner and select Configure 2FA.
  3. Add your account to the authenticator app by scanning the displayed QR code. If you cannot scan the code, click Setup key and enter the provided key in your app.
  4. Enter the 6-digit code from the app and click Configure.

Command-line interface

  1. Generate a setup key. For example:

    # vinfra domain user totp generate-secret
+--------+----------------------------------+
| Field  | Value                            |
+--------+----------------------------------+
| secret | QCZTZ7KMDFVC5QWZNSHWZJSSOJ77HGZW |
+--------+----------------------------------+

  2. In your authenticator app, enter the desired name and the generated key.

  3. Enable 2FA authentication:

    vinfra domain user totp enable --secret <secret> --passcode <passcode>
    --secret <secret>
    Generated TOTP secret
    --passcode <passcode>
    6-digit passcode from the authenticator app

    For example, to enable 2FA with the setup key QCZTZ7KMDFVC5QWZNSHWZJSSOJ77HGZW and code 353810, run:

    # vinfra domain user totp enable --secret QCZTZ7KMDFVC5QWZNSHWZJSSOJ77HGZW --passcode 353810

    You can check the 2FA status in the vinfra domain user totp show output:

    # vinfra domain user totp show
+--------+---------+
| Field  | Value   |
+--------+---------+
| status | enabled |
+--------+---------+

To restore the access when 2FA is set up

If you have lost access to your second-factor device (for example, your phone is lost, stolen, or reset), you can do the following:

  • Try restoring the authenticator app from a backup, if available.
  • Contact another system administrator and ask to reset 2FA settings for your account.
  • Contact the technical support team.

Once the access is restored, you must reset 2FA and configure it again.

To reset 2FA

Admin panel

  1. Click the profile icon in the top-right corner of the screen and select Reset 2FA.
  2. In the confirmation window, click Reset.

Now, you will be logged out automatically and can reconfigure 2FA.

Command-line interface

Use the following command:

vinfra domain user totp disable --passcode <passcode>
--passcode <passcode>
6-digit passcode from the authenticator app

For example, to disable 2FA with the code 146246, run:

# vinfra domain user totp disable --passcode 146246

You can check the 2FA status in the vinfra domain user totp show output:

# vinfra domain user totp show
+--------+----------+
| Field  | Value    |
+--------+----------+
| status | disabled |
+--------+----------+
Related Topics Link IconSee also