 Role Availability
|
 Read-Only
|
Investigator |
Analyst
|
Manager
|
To protect your USM Anywhere account, enable multifactor authentication (MFA) A method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence.. MFA adds extra security because it requires multiple factors to authenticate Process used to verify the identity of a user, user device, or other entity, usually through a username and password. a user, making it more difficult for an unauthorized person to gain access to the account. In USM Anywhere, MFA provides a layered defense of two independent credentials: what you know (your username and password) and what you have (security token on your personal device).
To use multifactor authentication in USM Anywhere, you must have a mobile device that supports an Authenticator app. LevelBlue recommends the Google Authenticator app, which is available for iOS and Android devices. Google Authenticator implements two-step verification services using the Time-Based One-Time Password (TOTP) algorithm and HMAC-Based One-Time Password (HOTP) algorithm for authentication.
Configuring MFA for Your Account
Before you set up MFA for your account, you must install the Authenticator app on your device.
To configure MFA for your account
- In the lower-left corner of the USM Anywhere web user interface (UI), click the
icon, and then select Profile Settings. - Select Enable Multi-Factor Authentication, and then click Save.
- Click the icon, and then select Logout.
- Click Login.
- On the login page, enter your username and password, and then click Login.
USM Anywhere displays the Multi-factor authentication page to prompt you to complete your MFA configuration. The displayed page provides a unique QR code that is used by the Authenticator app to retrieve a verification code.
- Open the Authenticator app on your device.
- Scan the QR code using the Authenticator app.
- Enter the one-time passcode in the text box of the USM Anywhere, and then click Verify Code and Login.
Activating Required MFA
Users in a manager role can require non-admin users to log in using MFA. If a manager user enables this setting and you do not already have MFA configured, you will be prompted to set up MFA upon your next log in.
Before you set up MFA for your account, you must install the Authenticator app on your device.
To activate required MFA
-
On the login page, enter your username and password, and then click Login.
USM Anywhere displays the Multi-factor authentication page to prompt you to activate MFA for your account. The displayed page provides a unique QR code that is used by the Authenticator app to retrieve a verification code.
-
Open the Authenticator app on your device.
-
Scan the QR code using the Authenticator app.
-
Enter the one-time passcode in the text box of the USM Anywhere, and then click Verify Code and Login.
Changing Your Authentication Device
In the event that you lose or change your mobile device, there is a function to reset the MFA for your user account. Another user in your USM Anywhere environment can edit your user account to reset the QR code used to pair the device with your account.
To change your authentication device
- Go to Settings > Users.
- Click the
icon of the user for whom you want to reset the MFA account. Your role must be Manager. - Click Reset Multi-Factor Authentication.
- Click Cancel.
A message displays at the top of the page to inform you about the success of the MFA reset request.
After the reset, USM Anywhere displays the Multi-factor authentication page at your next login Log in (verb): Process in which an individual gains access to a computer system after providing sufficient credentials to authenticate their unique identity. Login (noun): User credentials, typically a username and matching password.. Follow the same steps to set up the authentication with the new device.
Related Video Content
Feedback