# Multi-factor User Authentication
# Time-based One-time Passwords
Users can configure multi-factor authentication using Time-based One-Time Passwords (TOTP). When multi-factor authentication is enabled, users can use any authenticator application which generates time-based one-time passcodes to log in to the workspace portal or when connecting over SFTP.
# Enabling Multi-factor Authentication
To allow users to configure multi-factor authentication in the workspace portal, you must add the
otp_issuer setting in the application configuration file. This setting should be a human readable string which identifies your FileMage deployment to your end users, such as
Company Name - File Server. This identifier string will appear in the users authenticator application.
FTP connections do not support MFA currently. Users will have to use SFTP or the workspace portal.
# Requiring Multi-factor Authentication
Administrators can require users to set up multi-factor authentication before viewing their workspace. When multi-factor authentication is required, users without multi-factor authentication set up will be redirected to the multi-factor authentication setup page when attempting to log in.
To require users to setup multi-factor authentication before logging in, go to the user edit page in the management portal and check the Require multi-factor authentication checkbox.
# Setting Up Multi-factor Authentication
To set up multi-factor authentication, log in to the workspace portal, and click on Settings in the navigation bar. Scroll down to the Two-factor authentication section and click on Enable two-factor authentication.
Using an authenticator application on your phone, scan the QR code which appears. A new application will be added to the authenticator application with the label that was specified in
otp_issuer. Enter the 6 digit passcode that is shown on the authenticator application in to the input field and click continue. You will now be required to retrieve a passcode from the authenticator application each time you log in.
After setting up multi-factor authentication, you will be prompted to download a set of recovery codes. It is recommended that you download these codes and store them in safe location. These codes can be used to log in to your account in case you loose access to the device with the authenticator application.
# Disable Multi-factor Authentication
Users may disable multi-factor authentication at any time by clicking on the Settings in the workspace portal navigation bar and then clicking Disable multi-factor authentication in the multi-factor Authentication section.
If a user is not able to login due to multi-factor authentication they must contact an administrator and request that they disable the multi-factor Authentication configuration for them. To do this, an administrator must log in to the management portal and click Disable multi-factor Authentication on the user edit page.