ALIF: Two Factor Authentication (2FA)

Log in to the AIM's web interface and navigate to the Users page. There are several ways of enabling 2FA for users, except the anon and api_anon user accounts.

• Option 1: In the 2FA column for each user is a tick box. When the state of the tick box changes, an Apply button will appear at the bottom. Clicking the Apply button will save the changes.
• Option 2: At the bottom of the Users list are two buttons, Enable 2FA for All Users and Disable 2FA for All Users. Clicking either of these options will affect all the users accordingly.
• Option 3: When you edit a user, you can set the Require Password option and use Keep Existing Password + 2FA OTP

• Log into the AIM’s web interface.
• From the Side Menu, choose User Management and then Users.
  
  
  
  
• There are several ways of enabling 2FA for users, except the anon and api_anon user accounts.
  • Option 1: In the 2FA column for each user, you can use the toggle button to enable and disable.
  • Option 2: Select the users you wish to modify using the checkboxes. At the top right of the list, you can choose to Enable 2FA or Disable 2FA. The number in brackets indicates how many of your selected users are eligible for that specific action (e.g., if a user already has 2FA enabled, they will only be counted under the 'Disable' action)
  • Option 3: When you edit a user, in the Security & Access section, you can toggle the 2FA Required. Password Required must also be enabled.

On the page will find the following elements:-

• A QR code that you need to set up the Authenticator application.
• The Recovery code. This is a one-time unique password that you should copy and store somewhere securely. This code can be used to login should you have problems using the OTP.
• The date and the time period where the OTP password generated from the Authenticator will be valid, Whilst the authenticator application changes the code every 30 seconds. the AIM will allow login provided that the OTP code is valid between these times. By default this is a 2-minute period, however, this can be changed under Dashboard -> Settings -> General and changing the 2FA OTP Window time. This can be set between 1 and 9 minutes.
• An OTP text box to enter the code that is generated from the Authenticator application.

  
  

On the page will find the following elements:-

• A QR code that you need to set up the Authenticator application.
• The Recovery code. This is a one-time unique password that you should copy and store somewhere securely. This code can be used to login should you have problems using the OTP.
• The date and the time period where the OTP password generated from the Authenticator will be valid, Whilst the authenticator application changes the code every 30 seconds. the AIM will allow login provided that the OTP code is valid between these times. By default this is a 2-minute period, however, this can be changed under System Care -> Global Configuration -> Security Settings and changing the 2FA OTP Window time. This can be set between 1 and 9 minutes.
• Six single number OTP input boxes to enter the six-digit code that is generated from the Authenticator application.

  
  

If you enter an incorrect OTP, you get an opportunity to enter it again, and you can use the one-time recovery password to login too. Entering the Recovery code and clicking Disable 2FA will turn the feature off.

If you enter an incorrect OTP, you get an opportunity to enter it again. After five incorrect attempts, you will be blocked for five minutes. If you no longer are able to provide a OTP, you can use the one-time recovery password to login. Entering the Recovery code and clicking Disable 2FA will turn the feature off.