Setting up the built-in Multi-Factor Authentication
This FAQ topic is only relevant for Awingu administrators, not end-users.
This FAQ topic concerns Awingu 4.3. If you are running a later version of Awingu, you can find the latest admin guide here.
Awingu has a built-in Multi-Factor Authentication (MFA) counter-based OTP (one time password) and time-based OTP options.
- The first time a users logs in, they have to configure an application on their smartphone.
- Each next time they log in, they have to provide a token generated in that application.
Note that the OTP token will also be asked when required to login when using Awingu as Identity Provider or as Reverse Proxy.
OTP can be enabled for each domain, cf. User Connector Configuration: in the Multi-Factor Authentication section, enable the option Counter-based OTP (built-in). Optionally, the admin can choose to allow users to remember their device for 30 days or to whitelist some networks. In those cases, no OTP token will be asked at login.
The button Manage User Token Count allows the admin to reset the token count for specific users. When the token is reset, the user will need to set-up their device again.
- Check out our FAQ topic about ‘How does a user set up MFA with Awingu?’
If you require more information about this topic, we’re happy to refer to our Awingu Admin Guide.