With the release of version 9.0.0, Axcient x360Recover provides basic support for multi-factor authentication (MFA) to enhance security. For this release, enhanced authentication is provided only for the Management Portal, (the most essential access point to your managed devices).
x360Recover MFA supports open One-Time-Password (OTP) applications that run on any smart phone. You may install any compatible application (such as Google Authenticator or Authy.)
NOTE: OTP is highly reliant on accurate time synchronization. Both the smart phone running the authentication app and the Management Portal must be synced to the correct time in order for both to agree on the generated MFA token.
Two-Step login criteria in the Management Portal
With multi-factor authentication enabled, an additional step is required to complete login to the Management Portal.
Enter the one-time MFA code generated by the authentication app that you configured when enabling MFA (see below):
Enable MFA (Multi-Factor Authentication)
1. Login to the Management Portal as the admin user.
2. Navigate to the Settings page.
3. Select Multi-factor Authentication tab from the left panel.
4. Select the Enabled checkbox to generate a random crypto set and generate a QR code image for configuring your authenticator app.
5. Open the app on your smart phone and scan the QR code to import the MFA configuration.
4. Once your app is configured, enter the generated MFA token and click Save to complete activation of multi-factor authentication on your Management Portal.
When you have multiple technicians managing x360Recover additional users can also configure a compatible app on their smart phones and scan the generated QR code. (All users will share the same MFA token configuration.)
Disable Multi-factor Authentication
To disable multi-factor authentication, a valid MFA token is required to save changes.
- Uncheck the Enabled box, enter a valid MFA token, and click Save.
NOTE: In the event that all configured smart phone devices are lost and valid MFA tokens are not available, contact Axcient Support for assistance in disabling MFA from the back end to re-enable logins.
Security considerations
If it becomes necessary to expire a given token configuration (for example, due to a change in authorized user status or because of a compromised configuration), you can generate a new crypto key and QR image by disabling and re-enabling multi-factor authentication:
- Login to the Management Portal as the admin user
- Navigate to the Settings page and select Multi-factor Authentication from the left pane
- Uncheck the Enabled button, enter a valid MFA token and click Save
- Delete the previous MFA configuration from the OTP app on all authorized devices
- Check the Enabled check box
- Configure an OTP app on at least one device, enter the MFA token and click Save
- Configure an OTP app on any additional authorized devices as necessary
CRITICAL NOTE
It is imperative you keep the generated QR code image secure.
- Any user can configure an app to generate valid MFA tokens with access to this QR code image.
- Do not digitally share or otherwise expose this QR code image online.
- It should only be used for direct configuration of OTP applications for authorized users and devices.