Working with Automatic Per-User Shared-Secret

Describes the procedure for working with automatic per-user shared-secret.

Automatic per-user shared-secret is the default and recommended method for configuring two factor authentication. It allows having a separate shared-secret for each user, which is generated by the system for them. The shared-secret will be presented to the user upon the first login.

Configuring Two Factor Authentication with Automatic Per-User Shared-Secret

Perform the following steps to configure two factor authentication with automatic per-user shared-secret.

  1. From the Appliance Web UI, navigate to Settings > Security > Two Factor Authentication.

  2. Check the Enable Two-Factor-Authentication check box.

  3. Select the Automatic per-user shared-secret option.

    The following pane appears with the options to enable this authentication mode.

    Figure: Two Factor Authentication with Automatic per-user shared-secret pane

  4. If required, customize the message that is presented to users upon their first login.

    Check the Advanced Settings check box to display the Console Message button. Click Console Message to open a new window where you can review and modify the message that will be presented to the user.

    Figure: Reviewing the user-message for CLI users

  5. Select the logging settings that specify what to log:

    • Log failed log-in attempts
    • Log any successful log-ins
    • Log only first-successful log-in

  6. Click Apply to save the changes.

Logging in to the Web UI

Before you begin, note that codes from the authenticator are time-limited. Enter each code in the Enter Authentication code field within the displayed time limit.

Perform the following steps to log in to the Web UI after configuring automatic per-user shared-secret:

  1. Navigate to the ESA Web UI login page.

  2. In the Username and Password text boxes, enter the user credentials.

  3. Click Sign in.
    The Two step authentication screen appears.

    Figure: 2 step authentication screen

  4. Scan the QR code using an authentication application.
    Alternatively, click the Can’t see QR code? link.
    A QR code gets generated and displayed below it as shown in the figure.

    Figure: 2 step authentication with QR code screen

  5. Enter the displayed code in the authentication app to generate a one-time password.

  6. In the Enter authentication code field, enter the one-time password, and click Verify.

After the code is validated, the ESA home page appears.
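
The time limit on authenticator codes, shown as an added example that is not part of the product or its documentation: a per-user shared secret is generated, a code is derived from it, and the code stops verifying once its time window has passed. It assumes the authenticator app implements standard TOTP (RFC 6238) with HMAC-SHA-1, a 30-second step and 6 digits; this page does not state the appliance's actual parameters, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import struct

STEP = 30    # seconds a code stays current (assumed RFC 6238 default)
DIGITS = 6   # code length (assumed)
# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890"
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def new_shared_secret() -> str:
    """Generate a random per-user secret, Base32-encoded for authenticator apps."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def totp(secret_b32: str, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code for the time step that contains `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, now: float, drift_steps: int = 1) -> bool:
    """Accept a code from the current step or `drift_steps` steps either side."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret_b32, now + delta * STEP)
        ok |= hmac.compare_digest(candidate, code)  # constant-time compare
    return ok


def seconds_left(now: float, step: int = STEP) -> int:
    """Seconds until the code that is current at `now` is replaced."""
    return step - int(now) % step


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code:", code, "seconds left:", seconds_left(59))
    print("20 s later:", verify(SAMPLE_SECRET, code, 59 + 20))
    print("120 s later:", verify(SAMPLE_SECRET, code, 59 + 120))
```

A verifier that tolerates one step of clock drift still rejects a code two minutes old, which is why the code must be entered within the displayed time limit.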

Last modified January 21, 2025