Setup MFA for a user account
Multi-Factor Authentication (MFA), also known as Two-Factor Authentication or 2FA, is a simple and robust method to guard against cybersecurity threats and provides another layer of security to SolarWinds Application Management user accounts. MFA does not replace the need for credentials, but requires an additional security code generated dynamically on another device.
When MFA is enabled for an organization, each user is required to set up MFA for their user account. If MFA is configured for a user account, a second authentication method is triggered after entering login credentials. A 6-digit verification code generated by an authentication app is required to complete the login process. See Log in to AppOptics.
If MFA is enabled for your organization, each organization member is prompted to set up Multi-Factor Authentication during the next login to any SolarWinds Application Management product.
Download and install an authentication app on one of your devices. This app will be used as part of your login process, so make sure you install it on a device you have consistent access to. The following authentication apps are recommended:
Open the authentication app. Add a new account in the authentication app and either:
Scan the QR code with your device
In the SolarWinds Set up Multi-factor authentication page, click Show secret key for manual configuration and enter the secret key in the authentication app
Once your authentication app is configured with a solarwinds.com account, click Next.
In the SolarWinds Two-factor authentication page, type two consecutive authentication codes from your authentication device. Authentication codes expire quickly; wait for a new code to display before you enter the first code in the field. Then wait for the code to change again and enter the new code in the second field.
To temporarily save this device as a trusted device and avoid having to re-enter authentication codes, select the Remember this device for 30 days checkbox.
Click Log in.
MFA is now configured for your user account. The next time you log in, you will be prompted to enter an authentication code from your authentication app. If you do not have access to the device with the authentication app, you can log in using recovery codes. SolarWinds recommends you Store recovery codes somewhere safe to ensure continued access to your account when you do not have access to your authentication device.
In your user Profile you can view and remove trusted devices, view recovery codes, and reset your MFA setup.
To clear the MFA setup for your user account, click Reset MFA setup. All recovery codes and trusted devices are removed from your profile, the codes from the authentication app no longer work for this device, and you are logged out of your user account. When you log in to your user account again, you will be prompted to set up MFA again.
When you log in to a SolarWinds application and enter an authentication code, you are given the option to temporarily remember the current device as a trusted device. A trusted device allows you to log into SolarWinds applications from the device without entering an authentication code. If the device you used is no longer trustworthy, you can remove the device from the list of trusted devices.
To remove a trusted device, click the Delete icon next to the device name. Review the device information in the confirmation dialog and click Remove. Multi-Factor Authentication is required when logging in from the untrusted device.
If you cannot access your trusted device use recovery codes to log in. Recovery codes can only be used once; as soon as a code is used, it becomes invalid. Store a copy of these codes in a safe place where you can easily retrieve them - but not on your trusted device.
Click the Show link next to MFA Recovery Codes. Enter your password in the field provided and click Confirm. All of your recovery codes are listed; gray text with a line struck through the middle of the text identifies codes that are no longer available for use.
To store your codes in a safe place, do one of the following:
- Click Copy to copy all codes to the clipboard. Paste the codes to a text file and save the file somewhere safe. If the current device is a trusted device, print the codes or send them to another safe location.
- Click Download to save the codes as a text file to your device. If the current device is a trusted device, print the codes or send them to another safe location.
- Write the unused codes down on a piece of paper and store that paper in a safe location.
If all the recovery codes have been used, if you lost the recovery codes, or can no longer trust the device that the codes are stored on, you can create new recovery codes. Click Regenerate to create new codes. All previous codes will no longer work and new codes will be created.